Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iwd-1.9/wired/dbus.c
Examining data/iwd-1.9/wired/dbus.h
Examining data/iwd-1.9/wired/ethdev.c
Examining data/iwd-1.9/wired/network.h
Examining data/iwd-1.9/wired/ethdev.h
Examining data/iwd-1.9/wired/main.c
Examining data/iwd-1.9/wired/network.c
Examining data/iwd-1.9/linux/nl80211.h
Examining data/iwd-1.9/ell/queue.c
Examining data/iwd-1.9/ell/uintset.h
Examining data/iwd-1.9/ell/cert-private.h
Examining data/iwd-1.9/ell/siphash-private.h
Examining data/iwd-1.9/ell/tls.c
Examining data/iwd-1.9/ell/gvariant-private.h
Examining data/iwd-1.9/ell/pem-private.h
Examining data/iwd-1.9/ell/gvariant-util.c
Examining data/iwd-1.9/ell/dbus.c
Examining data/iwd-1.9/ell/dbus.h
Examining data/iwd-1.9/ell/hwdb.h
Examining data/iwd-1.9/ell/cipher.c
Examining data/iwd-1.9/ell/path.h
Examining data/iwd-1.9/ell/checksum.c
Examining data/iwd-1.9/ell/utf8.c
Examining data/iwd-1.9/ell/timeout.h
Examining data/iwd-1.9/ell/dir.c
Examining data/iwd-1.9/ell/netlink.c
Examining data/iwd-1.9/ell/timeout.c
Examining data/iwd-1.9/ell/rtnl.h
Examining data/iwd-1.9/ell/cert.c
Examining data/iwd-1.9/ell/log.h
Examining data/iwd-1.9/ell/plugin.h
Examining data/iwd-1.9/ell/net.h
Examining data/iwd-1.9/ell/netlink-private.h
Examining data/iwd-1.9/ell/main.h
Examining data/iwd-1.9/ell/pem.h
Examining data/iwd-1.9/ell/util.h
Examining data/iwd-1.9/ell/settings.h
Examining data/iwd-1.9/ell/pkcs5-private.h
Examining data/iwd-1.9/ell/private.h
Examining data/iwd-1.9/ell/siphash.c
Examining data/iwd-1.9/ell/strv.c
Examining data/iwd-1.9/ell/dbus-service.h
Examining data/iwd-1.9/ell/ecdh.h
Examining data/iwd-1.9/ell/dhcp.h
Examining data/iwd-1.9/ell/idle.c
Examining data/iwd-1.9/ell/cert.h
Examining data/iwd-1.9/ell/ecc.h
Examining data/iwd-1.9/ell/genl.h
Examining data/iwd-1.9/ell/idle.h
Examining data/iwd-1.9/ell/file.c
Examining data/iwd-1.9/ell/ringbuf.h
Examining data/iwd-1.9/ell/time.c
Examining data/iwd-1.9/ell/time.h
Examining data/iwd-1.9/ell/netlink.h
Examining data/iwd-1.9/ell/test.c
Examining data/iwd-1.9/ell/checksum.h
Examining data/iwd-1.9/ell/plugin.c
Examining data/iwd-1.9/ell/path.c
Examining data/iwd-1.9/ell/file.h
Examining data/iwd-1.9/ell/dhcp-transport.c
Examining data/iwd-1.9/ell/ringbuf.c
Examining data/iwd-1.9/ell/io.c
Examining data/iwd-1.9/ell/uuid.c
Examining data/iwd-1.9/ell/test.h
Examining data/iwd-1.9/ell/pkcs5.h
Examining data/iwd-1.9/ell/base64.h
Examining data/iwd-1.9/ell/ecdh.c
Examining data/iwd-1.9/ell/dbus-service.c
Examining data/iwd-1.9/ell/key.c
Examining data/iwd-1.9/ell/key.h
Examining data/iwd-1.9/ell/ecc-external.c
Examining data/iwd-1.9/ell/pem.c
Examining data/iwd-1.9/ell/string.c
Examining data/iwd-1.9/ell/tls-private.h
Examining data/iwd-1.9/ell/ecc-private.h
Examining data/iwd-1.9/ell/genl.c
Examining data/iwd-1.9/ell/main.c
Examining data/iwd-1.9/ell/util.c
Examining data/iwd-1.9/ell/ecc.c
Examining data/iwd-1.9/ell/tls-suites.c
Examining data/iwd-1.9/ell/uintset.c
Examining data/iwd-1.9/ell/random.c
Examining data/iwd-1.9/ell/hwdb.c
Examining data/iwd-1.9/ell/utf8.h
Examining data/iwd-1.9/ell/dbus-util.c
Examining data/iwd-1.9/ell/tls.h
Examining data/iwd-1.9/ell/base64.c
Examining data/iwd-1.9/ell/strv.h
Examining data/iwd-1.9/ell/io.h
Examining data/iwd-1.9/ell/tls-extensions.c
Examining data/iwd-1.9/ell/uuid.h
Examining data/iwd-1.9/ell/dbus-client.h
Examining data/iwd-1.9/ell/pkcs5.c
Examining data/iwd-1.9/ell/queue.h
Examining data/iwd-1.9/ell/dbus-client.c
Examining data/iwd-1.9/ell/dbus-message.c
Examining data/iwd-1.9/ell/signal.c
Examining data/iwd-1.9/ell/dhcp.c
Examining data/iwd-1.9/ell/cipher.h
Examining data/iwd-1.9/ell/net.c
Examining data/iwd-1.9/ell/dhcp-private.h
Examining data/iwd-1.9/ell/string.h
Examining data/iwd-1.9/ell/dbus-private.h
Examining data/iwd-1.9/ell/settings.c
Examining data/iwd-1.9/ell/hashmap.h
Examining data/iwd-1.9/ell/tls-record.c
Examining data/iwd-1.9/ell/signal.h
Examining data/iwd-1.9/ell/random.h
Examining data/iwd-1.9/ell/asn1-private.h
Examining data/iwd-1.9/ell/hashmap.c
Examining data/iwd-1.9/ell/dbus-filter.c
Examining data/iwd-1.9/ell/dir.h
Examining data/iwd-1.9/ell/missing.h
Examining data/iwd-1.9/ell/log.c
Examining data/iwd-1.9/ell/rtnl.c
Examining data/iwd-1.9/ell/dhcp-lease.c
Examining data/iwd-1.9/ell/dbus-name-cache.c
Examining data/iwd-1.9/src/blacklist.c
Examining data/iwd-1.9/src/eap.c
Examining data/iwd-1.9/src/ap.h
Examining data/iwd-1.9/src/netdev.c
Examining data/iwd-1.9/src/resolve.c
Examining data/iwd-1.9/src/simauth.c
Examining data/iwd-1.9/src/station.c
Examining data/iwd-1.9/src/anqp.c
Examining data/iwd-1.9/src/dbus.c
Examining data/iwd-1.9/src/dbus.h
Examining data/iwd-1.9/src/owe.c
Examining data/iwd-1.9/src/backtrace.c
Examining data/iwd-1.9/src/eap-sim.c
Examining data/iwd-1.9/src/eap-wsc.c
Examining data/iwd-1.9/src/owe.h
Examining data/iwd-1.9/src/eap-ttls.c
Examining data/iwd-1.9/src/netconfig.h
Examining data/iwd-1.9/src/network.h
Examining data/iwd-1.9/src/eap-mschapv2.h
Examining data/iwd-1.9/src/hotspot.c
Examining data/iwd-1.9/src/simutil.h
Examining data/iwd-1.9/src/iwd.h
Examining data/iwd-1.9/src/plugin.h
Examining data/iwd-1.9/src/anqp.h
Examining data/iwd-1.9/src/wiphy.h
Examining data/iwd-1.9/src/rfkill.h
Examining data/iwd-1.9/src/util.h
Examining data/iwd-1.9/src/eap-tls.c
Examining data/iwd-1.9/src/ie.h
Examining data/iwd-1.9/src/knownnetworks.h
Examining data/iwd-1.9/src/eap-wsc.h
Examining data/iwd-1.9/src/station.h
Examining data/iwd-1.9/src/common.h
Examining data/iwd-1.9/src/handshake.h
Examining data/iwd-1.9/src/mschaputil.c
Examining data/iwd-1.9/src/eapolutil.h
Examining data/iwd-1.9/src/fils.h
Examining data/iwd-1.9/src/scan.c
Examining data/iwd-1.9/src/eap-pwd.c
Examining data/iwd-1.9/src/wiphy.c
Examining data/iwd-1.9/src/ie.c
Examining data/iwd-1.9/src/agent.c
Examining data/iwd-1.9/src/erp.h
Examining data/iwd-1.9/src/storage.c
Examining data/iwd-1.9/src/crypto.h
Examining data/iwd-1.9/src/mpdu.c
Examining data/iwd-1.9/src/p2putil.h
Examining data/iwd-1.9/src/eap-peap.c
Examining data/iwd-1.9/src/p2p.c
Examining data/iwd-1.9/src/eap-mschapv2.c
Examining data/iwd-1.9/src/plugin.c
Examining data/iwd-1.9/src/rfkill.c
Examining data/iwd-1.9/src/frame-xchg.c
Examining data/iwd-1.9/src/eap.h
Examining data/iwd-1.9/src/simutil.c
Examining data/iwd-1.9/src/device.c
Examining data/iwd-1.9/src/p2p.h
Examining data/iwd-1.9/src/watchlist.c
Examining data/iwd-1.9/src/eap-gtc.c
Examining data/iwd-1.9/src/sae.c
Examining data/iwd-1.9/src/eap-md5.c
Examining data/iwd-1.9/src/auth-proto.h
Examining data/iwd-1.9/src/storage.h
Examining data/iwd-1.9/src/blacklist.h
Examining data/iwd-1.9/src/module.c
Examining data/iwd-1.9/src/eapol.c
Examining data/iwd-1.9/src/knownnetworks.c
Examining data/iwd-1.9/src/simauth.h
Examining data/iwd-1.9/src/nl80211util.c
Examining data/iwd-1.9/src/eap-tls-common.h
Examining data/iwd-1.9/src/scan.h
Examining data/iwd-1.9/src/module.h
Examining data/iwd-1.9/src/p2putil.c
Examining data/iwd-1.9/src/main.c
Examining data/iwd-1.9/src/util.c
Examining data/iwd-1.9/src/ft.h
Examining data/iwd-1.9/src/erp.c
Examining data/iwd-1.9/src/nl80211cmd.h
Examining data/iwd-1.9/src/ap.c
Examining data/iwd-1.9/src/nl80211util.h
Examining data/iwd-1.9/src/watchlist.h
Examining data/iwd-1.9/src/wsc.c
Examining data/iwd-1.9/src/sae.h
Examining data/iwd-1.9/src/wscutil.c
Examining data/iwd-1.9/src/ft.c
Examining data/iwd-1.9/src/crypto.c
Examining data/iwd-1.9/src/nl80211cmd.c
Examining data/iwd-1.9/src/eap-aka.c
Examining data/iwd-1.9/src/eapolutil.c
Examining data/iwd-1.9/src/fils.c
Examining data/iwd-1.9/src/mschaputil.h
Examining data/iwd-1.9/src/frame-xchg.h
Examining data/iwd-1.9/src/eapol.h
Examining data/iwd-1.9/src/resolve.h
Examining data/iwd-1.9/src/handshake.c
Examining data/iwd-1.9/src/common.c
Examining data/iwd-1.9/src/mpdu.h
Examining data/iwd-1.9/src/rrm.c
Examining data/iwd-1.9/src/manager.c
Examining data/iwd-1.9/src/wscutil.h
Examining data/iwd-1.9/src/backtrace.h
Examining data/iwd-1.9/src/netconfig.c
Examining data/iwd-1.9/src/agent.h
Examining data/iwd-1.9/src/anqputil.h
Examining data/iwd-1.9/src/wsc.h
Examining data/iwd-1.9/src/missing.h
Examining data/iwd-1.9/src/adhoc.c
Examining data/iwd-1.9/src/anqputil.c
Examining data/iwd-1.9/src/netdev.h
Examining data/iwd-1.9/src/eap-tls-common.c
Examining data/iwd-1.9/src/network.c
Examining data/iwd-1.9/src/eap-private.h
Examining data/iwd-1.9/plugins/sim_hardcoded.c
Examining data/iwd-1.9/plugins/ofono.c
Examining data/iwd-1.9/monitor/pcap.c
Examining data/iwd-1.9/monitor/display.c
Examining data/iwd-1.9/monitor/pcap.h
Examining data/iwd-1.9/monitor/nlmon.h
Examining data/iwd-1.9/monitor/nlmon.c
Examining data/iwd-1.9/monitor/main.c
Examining data/iwd-1.9/monitor/display.h
Examining data/iwd-1.9/client/station.c
Examining data/iwd-1.9/client/dbus-proxy.h
Examining data/iwd-1.9/client/network.h
Examining data/iwd-1.9/client/properties.c
Examining data/iwd-1.9/client/properties.h
Examining data/iwd-1.9/client/display.c
Examining data/iwd-1.9/client/agent.c
Examining data/iwd-1.9/client/known-networks.c
Examining data/iwd-1.9/client/command.h
Examining data/iwd-1.9/client/adapter.c
Examining data/iwd-1.9/client/device.c
Examining data/iwd-1.9/client/ad-hoc.c
Examining data/iwd-1.9/client/device.h
Examining data/iwd-1.9/client/main.c
Examining data/iwd-1.9/client/command.c
Examining data/iwd-1.9/client/agent-manager.c
Examining data/iwd-1.9/client/ap.c
Examining data/iwd-1.9/client/wsc.c
Examining data/iwd-1.9/client/dbus-proxy.c
Examining data/iwd-1.9/client/agent-manager.h
Examining data/iwd-1.9/client/agent.h
Examining data/iwd-1.9/client/display.h
Examining data/iwd-1.9/client/network.c
Examining data/iwd-1.9/tools/test-runner.c
Examining data/iwd-1.9/tools/probe-req.c
Examining data/iwd-1.9/tools/hwsim.c
Examining data/iwd-1.9/unit/test-util.c
Examining data/iwd-1.9/unit/test-client.c
Examining data/iwd-1.9/unit/test-crypto.c
Examining data/iwd-1.9/unit/test-eap-sim.c
Examining data/iwd-1.9/unit/test-mpdu.c
Examining data/iwd-1.9/unit/test-eapol.c
Examining data/iwd-1.9/unit/test-hmac-sha256.c
Examining data/iwd-1.9/unit/test-arc4.c
Examining data/iwd-1.9/unit/test-ie.c
Examining data/iwd-1.9/unit/test-wsc.c
Examining data/iwd-1.9/unit/test-cmac-aes.c
Examining data/iwd-1.9/unit/test-kdf-sha256.c
Examining data/iwd-1.9/unit/test-eap-mschapv2.c
Examining data/iwd-1.9/unit/test-p2p.c
Examining data/iwd-1.9/unit/test-hmac-sha1.c
Examining data/iwd-1.9/unit/test-ssid-security.c
Examining data/iwd-1.9/unit/test-prf-sha1.c
Examining data/iwd-1.9/unit/test-sae.c
Examining data/iwd-1.9/unit/test-hmac-md5.c
FINAL RESULTS:
data/iwd-1.9/src/backtrace.c:171:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink("/proc/self/exe", path, sizeof(path) - 1);
data/iwd-1.9/src/wiphy.c:1004:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(driver_link, driver_path, sizeof(driver_path) - 1);
data/iwd-1.9/tools/test-runner.c:1889:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(full_path, log_uid, log_gid) < 0)
data/iwd-1.9/tools/test-runner.c:2123:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(log_path, log_uid, log_gid) < 0)
data/iwd-1.9/tools/test-runner.c:2302:7: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(kernel_log, log_uid, log_gid))
data/iwd-1.9/tools/test-runner.c:3256:8: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (chown(log_dir, log_uid, log_gid) < 0)
data/iwd-1.9/client/display.c:421:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&line[line_used], entry);
data/iwd-1.9/client/display.h:37:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/iwd-1.9/client/display.h:39:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/iwd-1.9/ell/cert.c:442:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(error_buf, sizeof(error_buf), msg, ## args); \
data/iwd-1.9/ell/checksum.c:139:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) salg.salg_name, alg);
data/iwd-1.9/ell/checksum.c:444:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) salg.salg_name, info->name);
data/iwd-1.9/ell/cipher.c:117:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) salg.salg_type, alg_type);
data/iwd-1.9/ell/cipher.c:118:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) salg.salg_name, alg_name);
data/iwd-1.9/ell/cipher.c:611:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) salg.salg_name, name);
data/iwd-1.9/ell/cipher.c:622:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) salg.salg_name, aead_cipher_type_to_name(a));
data/iwd-1.9/ell/dbus-message.c:369:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(str, sizeof(str), format, args);
data/iwd-1.9/ell/dbus-service.c:332:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->metainfo, name);
data/iwd-1.9/ell/dbus-service.c:426:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, signature);
data/iwd-1.9/ell/dbus-service.c:443:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(interface->name, name);
data/iwd-1.9/ell/dbus-util.c:872:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret->signature, signature);
data/iwd-1.9/ell/dbus-util.c:985:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(builder->body + start + 1, value);
data/iwd-1.9/ell/dbus-util.c:989:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(builder->body + start + 4, value);
data/iwd-1.9/ell/dbus-util.c:1128:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(builder->body + start + 1, signature);
data/iwd-1.9/ell/dbus.h:118:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 0)));
data/iwd-1.9/ell/dbus.h:123:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/iwd-1.9/ell/gvariant-util.c:382:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(subsig, sig_start);
data/iwd-1.9/ell/gvariant-util.c:834:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret->signature, signature);
data/iwd-1.9/ell/hwdb.c:216:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratch_buf, "%s%s", prefix, prefix_str);
data/iwd-1.9/ell/hwdb.c:329:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scratch_buf, "%s%s", prefix, prefix_str);
data/iwd-1.9/ell/hwdb.h:47:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/iwd-1.9/ell/hwdb.h:50:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 0)));
data/iwd-1.9/ell/log.c:142:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 5, 0)))
data/iwd-1.9/ell/log.c:146:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/iwd-1.9/ell/log.c:161:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 5, 0)))
data/iwd-1.9/ell/log.c:210:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 5, 0)))
data/iwd-1.9/ell/log.h:50:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 5, 6)));
data/iwd-1.9/ell/path.c:131:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + len, basename);
data/iwd-1.9/ell/path.c:133:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, mode) == 0)
data/iwd-1.9/ell/ringbuf.h:56:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/iwd-1.9/ell/ringbuf.h:59:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 0)));
data/iwd-1.9/ell/settings.c:1121:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%" PRId64, in);
data/iwd-1.9/ell/settings.c:1167:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%" PRIu64, in);
data/iwd-1.9/ell/string.c:252:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(dest->str + dest->len, have_space, format, args);
data/iwd-1.9/ell/string.c:256:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(dest->str + dest->len, format, args_copy);
data/iwd-1.9/ell/string.h:45:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 0)));
data/iwd-1.9/ell/string.h:47:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/iwd-1.9/ell/strv.h:41:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3)));
data/iwd-1.9/ell/strv.h:44:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 0)));
data/iwd-1.9/ell/util.h:282:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/iwd-1.9/ell/util.h:284:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 0)));
data/iwd-1.9/ell/util.h:307:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/iwd-1.9/monitor/display.c:144:4: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp(pager, pager, NULL);
data/iwd-1.9/monitor/display.c:145:4: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execl("/bin/sh", "sh", "-c", pager, NULL);
data/iwd-1.9/monitor/display.c:148:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("pager", "pager", NULL);
data/iwd-1.9/monitor/display.c:149:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("less", "less", NULL);
data/iwd-1.9/monitor/display.c:150:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("more", "more", NULL);
data/iwd-1.9/monitor/nlmon.c:214:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, "%s", COLOR_TIMESTAMP);
data/iwd-1.9/monitor/nlmon.c:219:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
n = sprintf(ts_str + ts_pos, " %" PRId64 ".%06" PRId64,
data/iwd-1.9/monitor/nlmon.c:229:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(ts_str + ts_pos, "%s", COLOR_OFF);
data/iwd-1.9/monitor/nlmon.c:235:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, "%s", color);
data/iwd-1.9/monitor/nlmon.c:240:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, "%c %s", ident, label);
data/iwd-1.9/monitor/nlmon.c:267:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, "%s", COLOR_OFF);
data/iwd-1.9/monitor/nlmon.c:273:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
n = sprintf(line + pos, " %s", extra);
data/iwd-1.9/monitor/nlmon.c:6791:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
pos += sprintf(str + pos, "%s%s", table[i].name,
data/iwd-1.9/src/backtrace.c:91:3: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execlp("addr2line", "-C", "-f", "-e", program_exec, NULL);
data/iwd-1.9/src/erp.c:289:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, ascii);
data/iwd-1.9/src/erp.c:379:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
nai_len = sprintf(erp->keyname_nai, "%s@%s", emsk_name,
data/iwd-1.9/src/erp.c:505:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ptr, ERP_RMSK_LABEL);
data/iwd-1.9/src/knownnetworks.c:431:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(query.ssid, ssid);
data/iwd-1.9/src/knownnetworks.c:687:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(network->ssid, ssid);
data/iwd-1.9/src/netdev.c:4360:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(old_name, netdev->name);
data/iwd-1.9/src/netdev.c:4369:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(netdev->name, RTA_DATA(attr));
data/iwd-1.9/src/network.c:228:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(network->ssid, ssid);
data/iwd-1.9/src/network.c:357:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(setting, "%s-Password", secret->id);
data/iwd-1.9/src/resolve.c:358:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
resolvconf = popen(cmd, "w");
data/iwd-1.9/src/resolve.c:362:16: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
resolvconf = popen(cmd, "r");
data/iwd-1.9/src/storage.c:342:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, decoded);
data/iwd-1.9/src/storage.h:29:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/iwd-1.9/src/storage.h:33:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/iwd-1.9/src/wsc.c:826:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
offset += sprintf(buf + offset, "%s",
data/iwd-1.9/tools/test-runner.c:478:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(argv[pos], "vfio-pci,host=%s",
data/iwd-1.9/tools/test-runner.c:500:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(argv[pos], "usb-host,hostbus=%s,hostaddr=%s",
data/iwd-1.9/tools/test-runner.c:1036:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifnames + ifnames_size, wiphys[i]->interface_name);
data/iwd-1.9/tools/test-runner.c:1776:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(interval_str, "%s", "...");
data/iwd-1.9/tools/test-runner.c:2022:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
size += sprintf(var + size, "%s=", wiphy->name);
data/iwd-1.9/tools/test-runner.c:2025:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
size += sprintf(var + size,
data/iwd-1.9/tools/test-runner.c:2148:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!system("which ofonod > /dev/null 2>&1"))
data/iwd-1.9/tools/test-runner.c:2151:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!system("which phonesim > /dev/null 2>&1"))
data/iwd-1.9/tools/test-runner.c:2274:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("/bin/sh"))
data/iwd-1.9/tools/test-runner.c:2286:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("cat /tmp/valgrind.log"))
data/iwd-1.9/tools/test-runner.c:2289:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("echo \"\" > /tmp/valgrind.log"))
data/iwd-1.9/tools/test-runner.c:2300:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(dmesg))
data/iwd-1.9/tools/test-runner.c:2836:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system("lshw -C network"))
data/iwd-1.9/tools/test-runner.c:2892:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(log_dir, test_action_str);
data/iwd-1.9/wired/ethdev.c:544:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dev->ifname, ifname);
data/iwd-1.9/client/command.c:684:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "u:p:P:dh", command_opts, NULL);
data/iwd-1.9/client/display.c:688:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
data_home = getenv("XDG_DATA_HOME");
data/iwd-1.9/client/display.c:692:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home_path = getenv("HOME");
data/iwd-1.9/ell/dbus.c:1193:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
address = getenv("DBUS_SYSTEM_BUS_ADDRESS");
data/iwd-1.9/ell/dbus.c:1198:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
address = getenv("DBUS_SESSION_BUS_ADDRESS");
data/iwd-1.9/ell/main.c:368:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sock = getenv("NOTIFY_SOCKET");
data/iwd-1.9/ell/main.c:395:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
watchdog_usec = getenv("WATCHDOG_USEC");
data/iwd-1.9/ell/random.c:104:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random() * RAND_MAX + random();
data/iwd-1.9/ell/random.c:104:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random() * RAND_MAX + random();
data/iwd-1.9/monitor/display.c:106:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pager = getenv("PAGER");
data/iwd-1.9/monitor/main.c:702:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "r:w:a:F:i:nvhys",
data/iwd-1.9/plugins/sim_hardcoded.c:266:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *config_path = getenv("IWD_SIM_KEYS");
data/iwd-1.9/src/eap-tls-common.c:260:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (!getenv("IWD_TLS_DEBUG"))
data/iwd-1.9/src/eap-tls-common.c:586:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("IWD_TLS_DEBUG"))
data/iwd-1.9/src/main.c:375:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "Bi:I:p:P:d::vh",
data/iwd-1.9/src/main.c:443:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
config_dir = getenv("CONFIGURATION_DIRECTORY");
data/iwd-1.9/src/main.c:480:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("IWD_GENL_DEBUG"))
data/iwd-1.9/src/main.c:489:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("IWD_RTNL_DEBUG"))
data/iwd-1.9/src/netconfig.c:1009:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("IWD_DHCP_DEBUG"))
data/iwd-1.9/src/resolve.c:469:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
path = getenv("PATH");
data/iwd-1.9/src/storage.c:190:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
state_dir = getenv("STATE_DIRECTORY");
data/iwd-1.9/src/wsc.c:152:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("IWD_WSC_DEBUG_KEYS"))
data/iwd-1.9/src/wscutil.c:2841:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint32_t random;
data/iwd-1.9/src/wscutil.c:2844:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ok = l_getrandom(&random, sizeof(random));
data/iwd-1.9/src/wscutil.c:2844:35: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ok = l_getrandom(&random, sizeof(random));
data/iwd-1.9/src/wscutil.c:2848:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
snprintf(pin, 8, "%07u", random);
data/iwd-1.9/tools/hwsim.c:2639:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, ":L:CD:kndetc:ipvh", main_options,
data/iwd-1.9/tools/hwsim.c:2722:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("HWSIM_DEBUG"))
data/iwd-1.9/tools/test-runner.c:420:4: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
getenv("PATH"),
data/iwd-1.9/tools/test-runner.c:1650:16: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
target_dir = realpath(tmpfs_extra_stuff[i], NULL);
data/iwd-1.9/tools/test-runner.c:2465:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
top_level_path, getenv("PATH"));
data/iwd-1.9/tools/test-runner.c:3160:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "A:q:k:v:g:sl:UVdh", main_options,
data/iwd-1.9/tools/test-runner.c:3239:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gid = getenv("SUDO_GID");
data/iwd-1.9/tools/test-runner.c:3240:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
uid = getenv("SUDO_UID");
data/iwd-1.9/unit/test-eapol.c:2948:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("IWD_TLS_DEBUG"))
data/iwd-1.9/wired/ethdev.c:730:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("EAD_RTNL_DEBUG"))
data/iwd-1.9/wired/main.c:108:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "i:I:d::vh", main_options, NULL);
data/iwd-1.9/wired/network.c:183:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
state_dir = getenv("STATE_DIRECTORY");
data/iwd-1.9/client/display.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dashed_line[LINE_LEN] = { [0 ... LINE_LEN - 2] = '-' };
data/iwd-1.9/client/display.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char empty_line[LINE_LEN] = { [0 ... LINE_LEN - 2] = ' ' };
data/iwd-1.9/client/display.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LINE_LEN];
data/iwd-1.9/client/display.c:436:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passphrase[MAX_PASSPHRASE_LEN + 1];
data/iwd-1.9/client/display.c:458:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(masked_input.passphrase + rl_point,
data/iwd-1.9/client/display.c:461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(masked_input.passphrase + masked_input.point,
data/iwd-1.9/client/display.c:468:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(masked_input.passphrase + rl_point,
data/iwd-1.9/client/display.c:473:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(masked_input.passphrase + rl_point,
data/iwd-1.9/client/known-networks.c:51:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[255];
data/iwd-1.9/client/properties.c:31:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *properties_on_off_opts[3] = { "on", "off", NULL };
data/iwd-1.9/client/properties.c:32:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *properties_yes_no_opts[3] = { "yes", "no", NULL };
data/iwd-1.9/client/properties.h:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *properties_on_off_opts[3];
data/iwd-1.9/client/properties.h:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *properties_yes_no_opts[3];
data/iwd-1.9/ell/cert.c:135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cert->asn1, buf, buf_len);
data/iwd-1.9/ell/cert.c:374:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error, "Can't get public key from certificate "
data/iwd-1.9/ell/cert.c:382:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(error, "Can't link the public key from "
data/iwd-1.9/ell/cert.c:459:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char error_buf[200];
data/iwd-1.9/ell/cert.c:558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/iwd-1.9/ell/checksum.c:138:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "hash");
data/iwd-1.9/ell/checksum.c:406:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[64];
data/iwd-1.9/ell/checksum.c:434:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "hash");
data/iwd-1.9/ell/cipher.c:280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(c_msg), &operation, sizeof(operation));
data/iwd-1.9/ell/cipher.c:313:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(algiv->iv, iv, iv_len);
data/iwd-1.9/ell/cipher.c:383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(c_msg), &operation, sizeof(operation));
data/iwd-1.9/ell/cipher.c:454:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c_msg_buf[CMSG_SPACE(4 + iv_length)];
data/iwd-1.9/ell/cipher.c:472:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(c_msg) + 0, &len, 4);
data/iwd-1.9/ell/cipher.c:473:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(c_msg) + 4, iv, iv_length);
data/iwd-1.9/ell/cipher.c:509:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*iv + 1, nonce, nonce_len);
data/iwd-1.9/ell/cipher.c:604:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "skcipher");
data/iwd-1.9/ell/cipher.c:619:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *) salg.salg_type, "aead");
data/iwd-1.9/ell/dbus-filter.c:371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *key, arg_buf[6];
data/iwd-1.9/ell/dbus-message.c:365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/iwd-1.9/ell/dbus-message.c:775:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message->header, data, message->header_size);
data/iwd-1.9/ell/dbus-message.c:776:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message->body, data + body_pos, message->body_size);
data/iwd-1.9/ell/dbus-message.c:802:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message->fds, fds, num_fds * sizeof(int));
data/iwd-1.9/ell/dbus-message.c:862:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message->fds, fds, num_fds * sizeof(int));
data/iwd-1.9/ell/dbus-message.c:1620:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[256];
data/iwd-1.9/ell/dbus-message.c:1711:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signature, iter.sig_start, iter.sig_len);
data/iwd-1.9/ell/dbus-message.c:1738:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subsig[256];
data/iwd-1.9/ell/dbus-message.c:1882:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subsig, s + 1, sigend - s - 1);
data/iwd-1.9/ell/dbus-message.c:1930:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subsig, s + 1, sigend - s - 1);
data/iwd-1.9/ell/dbus-service.c:669:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(child->subpath, path, end - path);
data/iwd-1.9/ell/dbus-util.c:860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[256];
data/iwd-1.9/ell/dbus-util.c:970:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->body + start, &b, len);
data/iwd-1.9/ell/dbus-util.c:972:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->body + start, value, len);
data/iwd-1.9/ell/dbus-util.c:1001:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const char open,
data/iwd-1.9/ell/dbus-util.c:1014:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[256];
data/iwd-1.9/ell/dbus-util.c:1021:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (*start != open || *end != close)
data/iwd-1.9/ell/dbus-util.c:1024:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expect, start + 1, end - start - 1);
data/iwd-1.9/ell/dbus-util.c:1065:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const char open,
data/iwd-1.9/ell/dbus-util.c:1084:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open,
data/iwd-1.9/ell/dbus-util.c:1181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[256];
data/iwd-1.9/ell/dbus-util.c:1191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expect, start + 1, end - start - 1);
data/iwd-1.9/ell/dbus.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/iwd-1.9/ell/dbus.c:629:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(CMSG_DATA(cmsg), fds, num_fds * sizeof(int));
data/iwd-1.9/ell/dbus.c:735:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(classic->fd_buf + classic->num_fds, fds,
data/iwd-1.9/ell/dbus.c:1039:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[6], hexuid[12], *ptr = hexuid;
data/iwd-1.9/ell/dbus.c:1051:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ptr += sprintf(ptr, "%02x", uid[i]);
data/iwd-1.9/ell/dhcp-lease.c:119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lease->domain_name, v, l);
data/iwd-1.9/ell/dhcp-private.h:78:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct dhcp_transport *s, uint32_t xid);
data/iwd-1.9/ell/dhcp-transport.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iwd-1.9/ell/dhcp-transport.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/iwd-1.9/ell/dhcp.c:308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(*buf)[2], optval, optlen);
data/iwd-1.9/ell/dhcp.c:551:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(message->chaddr, &client->addr, client->addr_len);
data/iwd-1.9/ell/dhcp.c:1105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client->addr, addr, addr_len);
data/iwd-1.9/ell/dhcp.c:1220:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (client->transport->open)
data/iwd-1.9/ell/dhcp.c:1221:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (client->transport->open(client->transport,
data/iwd-1.9/ell/ecc.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, tmp, ndigits * 8);
data/iwd-1.9/ell/ecc.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, tmp, ndigits * 8);
data/iwd-1.9/ell/ecc.c:273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(y_sqr, sum, curve->ndigits * 8);
data/iwd-1.9/ell/ecc.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expo, curve->p, curve->ndigits * 8);
data/iwd-1.9/ell/ecc.c:355:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(point->y, y_min, curve->ndigits * 8);
data/iwd-1.9/ell/ecc.c:357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(point->x, x, curve->ndigits * 8);
data/iwd-1.9/ell/ecc.c:398:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->x, resx, ndigits * 8);
data/iwd-1.9/ell/ecc.c:399:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->y, resy, ndigits * 8);
data/iwd-1.9/ell/ecc.c:411:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, base, ndigits * 8);
data/iwd-1.9/ell/ecc.c:419:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, tmp, ndigits * 8);
data/iwd-1.9/ell/ecc.c:423:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, tmp, ndigits * 8);
data/iwd-1.9/ell/ecc.c:427:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, r, ndigits * 8);
data/iwd-1.9/ell/ecc.c:585:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->c, buf, len);
data/iwd-1.9/ell/file.c:55:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/iwd-1.9/ell/genl.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GENL_NAMSIZ];
data/iwd-1.9/ell/genl.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GENL_NAMSIZ];
data/iwd-1.9/ell/genl.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GENL_NAMSIZ];
data/iwd-1.9/ell/genl.c:1037:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/iwd-1.9/ell/genl.c:1038:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[32];
data/iwd-1.9/ell/genl.c:1652:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->len + NLA_HDRLEN, data, len);
data/iwd-1.9/ell/genl.c:1683:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->len, iov->iov_base, iov->iov_len);
data/iwd-1.9/ell/gvariant-util.c:323:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x, p, sz);
data/iwd-1.9/ell/gvariant-util.c:351:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &x, sz);
data/iwd-1.9/ell/gvariant-util.c:364:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subsig[256];
data/iwd-1.9/ell/gvariant-util.c:379:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subsig, sig_start, len);
data/iwd-1.9/ell/gvariant-util.c:414:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(subsig, sig_start + children[i].sig_start, len);
data/iwd-1.9/ell/gvariant-util.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[256];
data/iwd-1.9/ell/gvariant-util.c:508:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig, iter->sig_start + iter->sig_pos,
data/iwd-1.9/ell/gvariant-util.c:689:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[256];
data/iwd-1.9/ell/gvariant-util.c:708:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signature, nul + 1, end - nul - 1);
data/iwd-1.9/ell/gvariant-util.c:781:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[256];
data/iwd-1.9/ell/gvariant-util.c:930:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const char open,
data/iwd-1.9/ell/gvariant-util.c:944:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[256];
data/iwd-1.9/ell/gvariant-util.c:951:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (*start != open || *end != close)
data/iwd-1.9/ell/gvariant-util.c:954:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expect, start + 1, end - start - 1);
data/iwd-1.9/ell/gvariant-util.c:996:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const char open,
data/iwd-1.9/ell/gvariant-util.c:1039:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open,
data/iwd-1.9/ell/gvariant-util.c:1110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->body + start + 1, container->signature, siglen);
data/iwd-1.9/ell/gvariant-util.c:1146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expect[256];
data/iwd-1.9/ell/gvariant-util.c:1156:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expect, start + 1, end - start - 1);
data/iwd-1.9/ell/gvariant-util.c:1238:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->body + start, value, len);
data/iwd-1.9/ell/gvariant-util.c:1252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->body + start, value, len);
data/iwd-1.9/ell/hwdb.c:42:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char trie_sig[8] = { 'K', 'S', 'L', 'P', 'H', 'H', 'R', 'H' };
data/iwd-1.9/ell/hwdb.c:102:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_CLOEXEC);
data/iwd-1.9/ell/key.c:560:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prime_1, prime_buf, prime_len);
data/iwd-1.9/ell/log.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hdr[64], *str;
data/iwd-1.9/ell/log.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prio[16], *str;
data/iwd-1.9/ell/main.c:399:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
msec = atoi(watchdog_usec) / 1000;
data/iwd-1.9/ell/net.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_addr, ifr.ifr_hwaddr.sa_data, 6);
data/iwd-1.9/ell/netlink.c:234:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4096];
data/iwd-1.9/ell/netlink.c:235:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[32];
data/iwd-1.9/ell/netlink.c:436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((void *) nlmsg) + NLMSG_HDRLEN, data, len);
data/iwd-1.9/ell/pem.c:234:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
info->fd = open(filename, O_RDONLY);
data/iwd-1.9/ell/pkcs5.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, password, strlen(password));
data/iwd-1.9/ell/pkcs5.c:78:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t + strlen(password), salt, salt_len);
data/iwd-1.9/ell/pkcs5.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_dk, t, dk_len);
data/iwd-1.9/ell/pkcs5.c:153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u, salt, salt_len);
data/iwd-1.9/ell/ringbuf.c:436:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ringbuf->buffer + offset, data, end);
data/iwd-1.9/ell/ringbuf.c:445:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ringbuf->buffer, data + end, left);
data/iwd-1.9/ell/rtnl.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), data, data_len);
data/iwd-1.9/ell/rtnl.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/iwd-1.9/ell/rtnl.c:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[128];
data/iwd-1.9/ell/settings.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[32];
data/iwd-1.9/ell/settings.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/iwd-1.9/ell/settings.c:360:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(group->type, type, type_len);
data/iwd-1.9/ell/settings.c:364:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(group->data, ptr + 2, bytes);
data/iwd-1.9/ell/settings.c:664:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/iwd-1.9/ell/settings.c:1026:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iwd-1.9/ell/settings.c:1073:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iwd-1.9/ell/settings.c:1119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iwd-1.9/ell/settings.c:1165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/iwd-1.9/ell/string.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->str + dest->len, src, size);
data/iwd-1.9/ell/string.c:218:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->str + dest->len, src, max);
data/iwd-1.9/ell/string.c:354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg->chars + arg->cur_len, mem, len);
data/iwd-1.9/ell/tls-record.c:179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, tls->fixed_iv[1], tls->fixed_iv_length[1]);
data/iwd-1.9/ell/tls-record.c:188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ciphertext, iv + tls->fixed_iv_length[1],
data/iwd-1.9/ell/tls-record.c:243:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plaintext + 5, data, fragment_len);
data/iwd-1.9/ell/tls-record.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->message_buf + tls->message_buf_len, plaintext,
data/iwd-1.9/ell/tls-record.c:420:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compressed + 13, tls->record_buf + 5,
data/iwd-1.9/ell/tls-record.c:565:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, tls->fixed_iv[0], tls->fixed_iv_length[0]);
data/iwd-1.9/ell/tls-record.c:566:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv + tls->fixed_iv_length[0], tls->record_buf + 5,
data/iwd-1.9/ell/tls-record.c:635:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->record_buf + tls->record_buf_len, data, chunk_len);
data/iwd-1.9/ell/tls-suites.c:328:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pre_master_secret + 2, random_secret, 46);
data/iwd-1.9/ell/tls-suites.c:796:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 2, prime_buf, params->prime_len);
data/iwd-1.9/ell/tls-suites.c:800:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 2, &generator_buf, 1);
data/iwd-1.9/ell/tls-suites.c:804:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 2, public_buf + zeros, public_len - zeros);
data/iwd-1.9/ell/tls-suites.c:999:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + 2, public_buf + zeros, public_len - zeros);
data/iwd-1.9/ell/tls.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prfseed, label, strlen(label));
data/iwd-1.9/ell/tls.c:102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prfseed + strlen(label), seed, seed_len);
data/iwd-1.9/ell/tls.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, prfseed, prfseed_len);
data/iwd-1.9/ell/tls.c:114:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a + a_len, prfseed, prfseed_len);
data/iwd-1.9/ell/tls.c:150:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 0, tls->pending.client_random, 32);
data/iwd-1.9/ell/tls.c:151:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 32, tls->pending.server_random, 32);
data/iwd-1.9/ell/tls.c:221:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char error_buf[200];
data/iwd-1.9/ell/tls.c:367:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->fixed_iv[txrx], tls->pending.key_block + key_offset,
data/iwd-1.9/ell/tls.c:391:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char error_buf[200];
data/iwd-1.9/ell/tls.c:807:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/iwd-1.9/ell/tls.c:988:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, tls->pending.client_random, 32);
data/iwd-1.9/ell/tls.c:1043:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, tls->pending.server_random, 32);
data/iwd-1.9/ell/tls.c:1089:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, der, der_len);
data/iwd-1.9/ell/tls.c:1214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, dn, dn_size); /* value */
data/iwd-1.9/ell/tls.c:1245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 0, tls->pending.client_random, 32);
data/iwd-1.9/ell/tls.c:1246:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 32, tls->pending.server_random, 32);
data/iwd-1.9/ell/tls.c:1275:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 0, tls->pending.server_random, 32);
data/iwd-1.9/ell/tls.c:1276:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 32, tls->pending.client_random, 32);
data/iwd-1.9/ell/tls.c:1410:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 0, tls->prev_digest[HANDSHAKE_HASH_MD5], 16);
data/iwd-1.9/ell/tls.c:1411:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seed + 16, tls->prev_digest[HANDSHAKE_HASH_SHA1], 20);
data/iwd-1.9/ell/tls.c:1579:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->pending.client_random, buf + 2, 32);
data/iwd-1.9/ell/tls.c:1779:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tls->pending.server_random, buf + 2, 32);
data/iwd-1.9/ell/tls.c:2123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, tls->prev_digest[type], len);
data/iwd-1.9/ell/tls.c:3008:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/iwd-1.9/ell/uintset.c:491:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone->bits, original->bits, bitmap_size);
data/iwd-1.9/ell/utf8.c:42:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
LIB_EXPORT unsigned char l_ascii_table[256] = {
data/iwd-1.9/ell/utf8.c:88:15: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t mins[3] = { 1 << 7, 1 << 11, 1 << 16 };
data/iwd-1.9/ell/util.c:123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, mem, size);
data/iwd-1.9/ell/util.c:276:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len);
data/iwd-1.9/ell/util.c:345:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *hexstring_common(const unsigned char *buf, size_t len,
data/iwd-1.9/ell/util.c:345:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *hexstring_common(const unsigned char *buf, size_t len,
data/iwd-1.9/ell/util.c:346:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char hexdigits[static 16])
data/iwd-1.9/ell/util.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[68];
data/iwd-1.9/ell/util.c:525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[68];
data/iwd-1.9/ell/util.c:610:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[PATH_MAX + 1];
data/iwd-1.9/ell/util.c:612:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[100];
data/iwd-1.9/ell/util.c:618:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/proc/mounts", "r");
data/iwd-1.9/ell/uuid.c:228:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
LIB_EXPORT bool l_uuid_from_string(const char *src, uint8_t uuid[16])
data/iwd-1.9/ell/uuid.c:258:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid, buf, sizeof(buf));
data/iwd-1.9/ell/uuid.h:56:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bool l_uuid_from_string(const char *src, uint8_t uuid[16]);
data/iwd-1.9/monitor/main.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GENL_NAMSIZ];
data/iwd-1.9/monitor/main.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GENL_HDRLEN + NLA_HDRLEN + GENL_NAMSIZ];
data/iwd-1.9/monitor/main.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), data, len);
data/iwd-1.9/monitor/nlmon.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], ts_str[64];
data/iwd-1.9/monitor/nlmon.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[68];
data/iwd-1.9/monitor/nlmon.c:329:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void print_address(unsigned int level, const char *label,
data/iwd-1.9/monitor/nlmon.c:330:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char address[6])
data/iwd-1.9/monitor/nlmon.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[18];
data/iwd-1.9/monitor/nlmon.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128];
data/iwd-1.9/monitor/nlmon.c:430:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128];
data/iwd-1.9/monitor/nlmon.c:626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suite_value[32] = "";
data/iwd-1.9/monitor/nlmon.c:1108:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *mcs_set[128] = {
data/iwd-1.9/monitor/nlmon.c:1312:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *extended_capabilities_bitfield[80] = {
data/iwd-1.9/monitor/nlmon.c:1433:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ht_capabilities_info_bitfield[16] = {
data/iwd-1.9/monitor/nlmon.c:1451:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ht_capabilities_sm_power_save[4] = {
data/iwd-1.9/monitor/nlmon.c:1454:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ht_capabilities_rx_stbc[4] = {
data/iwd-1.9/monitor/nlmon.c:1458:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ht_capabilities_min_mpdu_start_spacing[8] = {
data/iwd-1.9/monitor/nlmon.c:1462:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ht_capabilities_pco_transition_time[4] = {
data/iwd-1.9/monitor/nlmon.c:1465:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ht_capabilities_mcs_feedback[4] = {
data/iwd-1.9/monitor/nlmon.c:1549:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *capabilities[40] = {
data/iwd-1.9/monitor/nlmon.c:2621:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *category_table[256] = {
data/iwd-1.9/monitor/nlmon.c:2646:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oui, bytes + 2, 4);
data/iwd-1.9/monitor/nlmon.c:2703:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bands[256];
data/iwd-1.9/monitor/nlmon.c:2717:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(bands + pos, " 2.4 GHz,");
data/iwd-1.9/monitor/nlmon.c:2720:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(bands + pos, " 5 GHz,");
data/iwd-1.9/monitor/nlmon.c:2723:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(bands + pos, " 60 GHz,");
data/iwd-1.9/monitor/nlmon.c:2752:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *state_table[3] = {
data/iwd-1.9/monitor/nlmon.c:3750:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *status[4] = {
data/iwd-1.9/monitor/nlmon.c:3868:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *dev_type[4] = {
data/iwd-1.9/monitor/nlmon.c:5970:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[8];
data/iwd-1.9/monitor/nlmon.c:6136:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos = sprintf(str, "(0x%02x) len %u", type, len);
data/iwd-1.9/monitor/nlmon.c:6153:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, " [");
data/iwd-1.9/monitor/nlmon.c:6157:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "request%c",
data/iwd-1.9/monitor/nlmon.c:6163:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "multi%c", flags ? ',' : ']');
data/iwd-1.9/monitor/nlmon.c:6168:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "ack%c", flags ? ',' : ']');
data/iwd-1.9/monitor/nlmon.c:6173:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "echo%c", flags ? ',' : ']');
data/iwd-1.9/monitor/nlmon.c:6178:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "dump%c", flags ? ',' : ']');
data/iwd-1.9/monitor/nlmon.c:6183:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "root%c", flags ? ',' : ']');
data/iwd-1.9/monitor/nlmon.c:6188:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "match%c", flags ? ',' : ']');
data/iwd-1.9/monitor/nlmon.c:6193:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "atomic%c",
data/iwd-1.9/monitor/nlmon.c:6199:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "replace%c",
data/iwd-1.9/monitor/nlmon.c:6205:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "excl%c", flags ? ',' : ']');
data/iwd-1.9/monitor/nlmon.c:6210:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "create%c",
data/iwd-1.9/monitor/nlmon.c:6216:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "append%c",
data/iwd-1.9/monitor/nlmon.c:6221:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, "0x%x]", flags);
data/iwd-1.9/monitor/nlmon.c:6231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_str[64];
data/iwd-1.9/monitor/nlmon.c:6465:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GENL_NAMSIZ];
data/iwd-1.9/monitor/nlmon.c:6500:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ð, buf, ETH_ALEN);
data/iwd-1.9/monitor/nlmon.c:6782:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos = sprintf(str, "(0x%02x)", flags);
data/iwd-1.9/monitor/nlmon.c:6786:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
pos += sprintf(str + pos, " [");
data/iwd-1.9/monitor/nlmon.c:6821:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/iwd-1.9/monitor/nlmon.c:6854:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/iwd-1.9/monitor/nlmon.c:6870:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[64], line[128];
data/iwd-1.9/monitor/nlmon.c:6875:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "re");
data/iwd-1.9/monitor/nlmon.c:7024:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_str[256];
data/iwd-1.9/monitor/nlmon.c:7194:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/iwd-1.9/monitor/nlmon.c:7195:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[32];
data/iwd-1.9/monitor/nlmon.c:7352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_str[16];
data/iwd-1.9/monitor/nlmon.c:7356:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(extra_str, "len %u", size);
data/iwd-1.9/monitor/nlmon.c:7375:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/iwd-1.9/monitor/nlmon.c:7376:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[32];
data/iwd-1.9/monitor/pcap.c:73:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcap->fd = open(pathname, O_RDONLY | O_CLOEXEC);
data/iwd-1.9/monitor/pcap.c:123:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcap->fd = open(pathname, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC,
data/iwd-1.9/plugins/sim_hardcoded.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in1, sqn, 6);
data/iwd-1.9/plugins/sim_hardcoded.c:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in1 + 6, amf, 2);
data/iwd-1.9/plugins/sim_hardcoded.c:88:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in1 + 8, sqn, 6);
data/iwd-1.9/plugins/sim_hardcoded.c:90:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in1 + 14, amf, 2);
data/iwd-1.9/plugins/sim_hardcoded.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, out2 + 8, 8);
data/iwd-1.9/plugins/sim_hardcoded.c:159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auts + 6, in1 + 8, 8);
data/iwd-1.9/plugins/sim_hardcoded.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(autn + 6, amf, 2);
data/iwd-1.9/plugins/sim_hardcoded.c:167:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(autn + 8, out1, 8);
data/iwd-1.9/plugins/sim_hardcoded.c:291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sim->kc, kc, len);
data/iwd-1.9/plugins/sim_hardcoded.c:301:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sim->sres, sres, NUM_RANDS_MAX * EAP_SIM_SRES_LEN);
data/iwd-1.9/plugins/sim_hardcoded.c:324:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sim->ki, ki, EAP_AKA_KI_LEN);
data/iwd-1.9/plugins/sim_hardcoded.c:334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sim->opc, opc, EAP_AKA_OPC_LEN);
data/iwd-1.9/plugins/sim_hardcoded.c:344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sim->amf, amf, EAP_AKA_AMF_LEN);
data/iwd-1.9/plugins/sim_hardcoded.c:354:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sim->sqn, sqn, EAP_AKA_SQN_LEN);
data/iwd-1.9/src/adhoc.c:61:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open : 1;
data/iwd-1.9/src/adhoc.c:84:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sta->adhoc->open)
data/iwd-1.9/src/adhoc.c:359:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
!adhoc->gtk_set && !adhoc->open) {
data/iwd-1.9/src/adhoc.c:405:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sta->addr, mac, 6);
data/iwd-1.9/src/adhoc.c:413:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (sta->adhoc->open) {
data/iwd-1.9/src/anqp.c:197:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame + 4, bss->addr, 6);
data/iwd-1.9/src/anqp.c:198:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame + 10, addr, 6);
data/iwd-1.9/src/anqp.c:199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame + 16, bss->addr, 6);
data/iwd-1.9/src/anqp.c:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, anqp, len);
data/iwd-1.9/src/anqputil.c:74:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nai[256] = { 0 };
data/iwd-1.9/src/anqputil.c:85:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nai, anqp, nai_len);
data/iwd-1.9/src/anqputil.c:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nai_realm[256] = { 0 };
data/iwd-1.9/src/anqputil.c:171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nai_realm, anqp + 2, nai_len);
data/iwd-1.9/src/ap.c:352:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_1, dest, 6); /* DA */
data/iwd-1.9/src/ap.c:353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_2, bssid, 6); /* SA */
data/iwd-1.9/src/ap.c:354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_3, bssid, 6); /* BSSID */
data/iwd-1.9/src/ap.c:448:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc_pr.authorized_macs,
data/iwd-1.9/src/ap.c:473:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc_beacon.authorized_macs,
data/iwd-1.9/src/ap.c:490:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_buf + len, wsc_ie, wsc_ie_size);
data/iwd-1.9/src/ap.c:1076:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_1, dest, 6); /* DA */
data/iwd-1.9/src/ap.c:1077:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_2, addr, 6); /* SA */
data/iwd-1.9/src/ap.c:1078:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_3, addr, 6); /* BSSID */
data/iwd-1.9/src/ap.c:1132:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp->ies + ies_len, wsc_ie, wsc_ie_len);
data/iwd-1.9/src/ap.c:1334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sta->wsc_uuid_e, record->uuid_e, 16);
data/iwd-1.9/src/ap.c:1528:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(first_sta_addr, record->mac, 6);
data/iwd-1.9/src/ap.c:1549:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(record->mac, from, 6);
data/iwd-1.9/src/ap.c:1784:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_1, dest, 6); /* DA */
data/iwd-1.9/src/ap.c:1785:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_2, addr, 6); /* SA */
data/iwd-1.9/src/ap.c:1786:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mpdu->address_3, addr, 6); /* BSSID */
data/iwd-1.9/src/ap.c:1864:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sta->addr, from, 6);
data/iwd-1.9/src/ap.c:2065:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(config->wsc_primary_device_type.oui, wsc_wfa_oui, 3);
data/iwd-1.9/src/backtrace.c:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[20], buf[PATH_MAX * 2];
data/iwd-1.9/src/backtrace.c:164:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[PATH_MAX];
data/iwd-1.9/src/backtrace.c:165:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cwd[PATH_MAX];
data/iwd-1.9/src/blacklist.c:117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->addr, addr, 6);
data/iwd-1.9/src/crypto.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, in, 8);
data/iwd-1.9/src/crypto.c:326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iov, ad, sizeof(struct iovec) * num_ad);
data/iwd-1.9/src/crypto.c:346:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, v, 16);
data/iwd-1.9/src/crypto.c:383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iov, ad, sizeof(struct iovec) * num_ad);
data/iwd-1.9/src/crypto.c:391:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, in, 16);
data/iwd-1.9/src/crypto.c:541:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char psk[32];
data/iwd-1.9/src/crypto.c:561:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_psk, psk, sizeof(psk));
data/iwd-1.9/src/crypto.c:654:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, t, len);
data/iwd-1.9/src/crypto.c:892:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, addr1, ETH_ALEN);
data/iwd-1.9/src/crypto.c:893:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + ETH_ALEN, addr2, ETH_ALEN);
data/iwd-1.9/src/crypto.c:895:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, addr2, ETH_ALEN);
data/iwd-1.9/src/crypto.c:896:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + ETH_ALEN, addr1, ETH_ALEN);
data/iwd-1.9/src/crypto.c:903:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + pos, nonce1, 32);
data/iwd-1.9/src/crypto.c:904:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + pos + 32, nonce2, 32);
data/iwd-1.9/src/crypto.c:906:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + pos, nonce2, 32);
data/iwd-1.9/src/crypto.c:907:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + pos + 32, nonce1, 32);
data/iwd-1.9/src/crypto.c:955:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context + pos, ssid, ssid_len);
data/iwd-1.9/src/crypto.c:963:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context + pos, r0khid, r0kh_len);
data/iwd-1.9/src/crypto.c:966:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context + pos, s0khid, ETH_ALEN);
data/iwd-1.9/src/crypto.c:988:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_pmk_r0, output, offset);
data/iwd-1.9/src/crypto.c:1015:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context, r1khid, ETH_ALEN);
data/iwd-1.9/src/crypto.c:1017:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context + ETH_ALEN, s1khid, ETH_ALEN);
data/iwd-1.9/src/crypto.c:1064:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context, nonce1, 32);
data/iwd-1.9/src/crypto.c:1066:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context + 32, nonce2, 32);
data/iwd-1.9/src/crypto.c:1068:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context + 64, addr1, ETH_ALEN);
data/iwd-1.9/src/crypto.c:1070:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context + 64 + ETH_ALEN, addr2, ETH_ALEN);
data/iwd-1.9/src/crypto.c:1108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 0, "PMK Name", 8);
data/iwd-1.9/src/crypto.c:1109:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 8, addr2, 6);
data/iwd-1.9/src/crypto.c:1110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + 14, addr1, 6);
data/iwd-1.9/src/eap-aka.c:177:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session_id + 1, aka->rand, EAP_SIM_RAND_LEN);
data/iwd-1.9/src/eap-aka.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session_id + 1 + EAP_SIM_RAND_LEN, aka->autn, EAP_AKA_AUTN_LEN);
data/iwd-1.9/src/eap-aka.c:450:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aka->autn, autn, EAP_AKA_AUTN_LEN);
data/iwd-1.9/src/eap-aka.c:452:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aka->rand, rand, EAP_SIM_RAND_LEN);
data/iwd-1.9/src/eap-gtc.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response + 5, gtc->password, secret_len);
data/iwd-1.9/src/eap-gtc.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identity_key[72];
data/iwd-1.9/src/eap-gtc.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key[72];
data/iwd-1.9/src/eap-gtc.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key_old[72];
data/iwd-1.9/src/eap-gtc.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key[72];
data/iwd-1.9/src/eap-md5.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identity_key[72];
data/iwd-1.9/src/eap-md5.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key[72];
data/iwd-1.9/src/eap-md5.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key_old[72];
data/iwd-1.9/src/eap-md5.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key[72];
data/iwd-1.9/src/eap-mschapv2.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/iwd-1.9/src/eap-mschapv2.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->value.peer_challenge, state->peer_challenge,
data/iwd-1.9/src/eap-mschapv2.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response->name, state->user, state->user_len);
data/iwd-1.9/src/eap-mschapv2.c:277:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->server_challenge, pkt + 1, MSCHAPV2_CHAL_LEN);
data/iwd-1.9/src/eap-mschapv2.c:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char authenticator_resp[42];
data/iwd-1.9/src/eap-mschapv2.c:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting[64], setting2[64];
data/iwd-1.9/src/eap-mschapv2.c:518:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting[64];
data/iwd-1.9/src/eap-mschapv2.c:550:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->password_hash, tmp, len);
data/iwd-1.9/src/eap-peap.c:221:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[4], cryptobinding_tlv_value,
data/iwd-1.9/src/eap-peap.c:275:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response, nonce, cryptobinding_nonce_len);
data/iwd-1.9/src/eap-peap.c:278:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, EAP_EXTENSIONS_TLV_HEADER_LEN + 4 +
data/iwd-1.9/src/eap-peap.c:288:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response, client_compound_mac, cryptobinding_compound_mac_len);
data/iwd-1.9/src/eap-peap.c:577:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_key_prefix[72];
data/iwd-1.9/src/eap-peap.c:607:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_key_prefix[72];
data/iwd-1.9/src/eap-pwd.c:207:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, pkt, 5);
data/iwd-1.9/src/eap-pwd.c:215:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, pkt + EAP_PWD_HDR_LEN, send_bytes);
data/iwd-1.9/src/eap-pwd.c:226:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pwd->tx_frag_buf, pkt + EAP_PWD_HDR_LEN + send_bytes,
data/iwd-1.9/src/eap-pwd.c:353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, pwd->identity, strlen(pwd->identity));
data/iwd-1.9/src/eap-pwd.c:470:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(confirm_s, pkt, 32);
data/iwd-1.9/src/eap-pwd.c:532:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, confirm_p, 32);
data/iwd-1.9/src/eap-pwd.c:626:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, pwd->tx_frag_pos, frag_bytes);
data/iwd-1.9/src/eap-pwd.c:675:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pwd->rx_frag_buf + 1, pkt + 3, len - 2);
data/iwd-1.9/src/eap-pwd.c:690:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pwd->rx_frag_buf + pwd->rx_frag_count, pkt + 1, len - 1);
data/iwd-1.9/src/eap-pwd.c:727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identity_key[72];
data/iwd-1.9/src/eap-pwd.c:728:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key[72];
data/iwd-1.9/src/eap-pwd.c:773:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_key[72];
data/iwd-1.9/src/eap-sim.c:308:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session_id + 1, sim->rands, sizeof(sim->rands));
data/iwd-1.9/src/eap-sim.c:309:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session_id + 1 + sizeof(sim->rands), sim->nonce,
data/iwd-1.9/src/eap-sim.c:382:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, sres, EAP_SIM_SRES_LEN * 3);
data/iwd-1.9/src/eap-sim.c:460:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sim->rands, contents + 2, EAP_SIM_RAND_LEN * 3);
data/iwd-1.9/src/eap-tls-common.c:71:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(databuf->data + databuf->len, data, data_len);
data/iwd-1.9/src/eap-tls-common.c:333:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + header_len,
data/iwd-1.9/src/eap-tls-common.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + EAP_TLS_HEADER_LEN + extra, pdu, pdu_len);
data/iwd-1.9/src/eap-tls-common.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_key[72];
data/iwd-1.9/src/eap-tls-common.c:905:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char client_cert_setting[72];
data/iwd-1.9/src/eap-tls-common.c:906:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passphrase_setting[72];
data/iwd-1.9/src/eap-tls-common.c:1122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_key[72];
data/iwd-1.9/src/eap-tls.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tls_prefix[72];
data/iwd-1.9/src/eap-tls.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_key_prefix[72];
data/iwd-1.9/src/eap-ttls.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, user_name, len);
data/iwd-1.9/src/eap-ttls.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, user_password, len);
data/iwd-1.9/src/eap-ttls.c:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, CHAP_CHALLENGE_LEN), challenge,
data/iwd-1.9/src/eap-ttls.c:225:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, CHAP_IDENT_LEN), ident,
data/iwd-1.9/src/eap-ttls.c:227:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, CHAP_PASSWORD_LEN),
data/iwd-1.9/src/eap-ttls.c:244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, MS_CHAP_CHALLENGE_LEN),
data/iwd-1.9/src/eap-ttls.c:260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, CHAP_IDENT_LEN),
data/iwd-1.9/src/eap-ttls.c:278:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, NT_CHALLENGE_RESPONSE_LEN),
data/iwd-1.9/src/eap-ttls.c:294:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, MSCHAPV2_CHALLENGE_LEN),
data/iwd-1.9/src/eap-ttls.c:309:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, CHAP_IDENT_LEN),
data/iwd-1.9/src/eap-ttls.c:321:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, MSCHAPV2_CHALLENGE_LEN),
data/iwd-1.9/src/eap-ttls.c:330:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, MSCHAPV2_RESPONSE_LEN),
data/iwd-1.9/src/eap-ttls.c:445:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting[128];
data/iwd-1.9/src/eap-ttls.c:672:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nt_server_response[MSCHAPV2_SERVER_RESPONSE_LEN];
data/iwd-1.9/src/eap-ttls.c:802:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avp_builder_reserve(builder, 1, len), data, len);
data/iwd-1.9/src/eap-ttls.c:996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identity_key[128];
data/iwd-1.9/src/eap-ttls.c:997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_key[128];
data/iwd-1.9/src/eap-ttls.c:1042:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_key[72];
data/iwd-1.9/src/eap-ttls.c:1043:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting_prefix[72];
data/iwd-1.9/src/eap-ttls.c:1094:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting[72];
data/iwd-1.9/src/eap-wsc.c:275:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, iv, 16);
data/iwd-1.9/src/eap-wsc.c:278:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out + len, in, in_len);
data/iwd-1.9/src/eap-wsc.c:375:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + header_len, wsc->sent_pdu + wsc->tx_frag_offset, len);
data/iwd-1.9/src/eap-wsc.c:398:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + EAP_WSC_HEADER_LEN, pdu, pdu_len);
data/iwd-1.9/src/eap-wsc.c:465:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + EAP_WSC_HEADER_LEN, pdu, pdu_len);
data/iwd-1.9/src/eap-wsc.c:495:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + EAP_WSC_HEADER_LEN, pdu, pdu_len);
data/iwd-1.9/src/eap-wsc.c:597:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m7es.e_snonce2, wsc->local_snonce2, sizeof(wsc->local_snonce2));
data/iwd-1.9/src/eap-wsc.c:698:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m5es.e_snonce1, wsc->local_snonce1, sizeof(wsc->local_snonce1));
data/iwd-1.9/src/eap-wsc.c:773:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->r_hash2, m4.r_hash2, sizeof(m4.r_hash2));
data/iwd-1.9/src/eap-wsc.c:979:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&creds[creds_cnt++], &wsc->open_cred,
data/iwd-1.9/src/eap-wsc.c:983:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&creds[creds_cnt++], &wsc->wpa2_cred,
data/iwd-1.9/src/eap-wsc.c:1087:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m6es.r_snonce2, wsc->local_snonce2, sizeof(wsc->local_snonce2));
data/iwd-1.9/src/eap-wsc.c:1191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m4es.r_snonce1, wsc->local_snonce1, sizeof(wsc->local_snonce1));
data/iwd-1.9/src/eap-wsc.c:1279:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->e_hash1, m3.e_hash1, sizeof(m3.e_hash1));
data/iwd-1.9/src/eap-wsc.c:1280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->e_hash2, m3.e_hash2, sizeof(m3.e_hash2));
data/iwd-1.9/src/eap-wsc.c:1298:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->m2->enrollee_nonce, wsc->m1->enrollee_nonce, 16);
data/iwd-1.9/src/eap-wsc.c:1328:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expected_enrollee_mac, wsc->m1->addr, 6);
data/iwd-1.9/src/eap-wsc.c:1329:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expected_uuid_e, wsc->m1->uuid_e, 16);
data/iwd-1.9/src/eap-wsc.c:1586:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->rx_pdu_buf + wsc->rx_pdu_buf_offset,
data/iwd-1.9/src/eap-wsc.c:1712:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + EAP_WSC_HEADER_LEN, wsc->sent_pdu, wsc->sent_len);
data/iwd-1.9/src/eap-wsc.c:1739:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, decoded, len);
data/iwd-1.9/src/eap-wsc.c:1780:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, v, tocopy);
data/iwd-1.9/src/eap-wsc.c:1820:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev_type->oui, wsc_wfa_oui, 3);
data/iwd-1.9/src/eap-wsc.c:2076:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->wpa2_cred.ssid, str, wsc->wpa2_cred.ssid_len);
data/iwd-1.9/src/eap-wsc.c:2088:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->wpa2_cred.network_key, str, len);
data/iwd-1.9/src/eap-wsc.c:2099:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->wpa2_cred.network_key, str, 64);
data/iwd-1.9/src/eap-wsc.c:2105:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->wpa2_cred.addr, wsc->m1->addr, 6);
data/iwd-1.9/src/eap-wsc.c:2119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->open_cred.ssid, str, wsc->open_cred.ssid_len);
data/iwd-1.9/src/eap-wsc.c:2124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc->open_cred.addr, wsc->m1->addr, 6);
data/iwd-1.9/src/eap.c:170:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 5, eap->method->vendor_id, 3);
data/iwd-1.9/src/eap.c:203:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 5, eap->method->vendor_id, 3);
data/iwd-1.9/src/eap.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 5, identity, len);
data/iwd-1.9/src/eap.c:365:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/iwd-1.9/src/eap.c:650:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting[64];
data/iwd-1.9/src/eap.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setting[64];
data/iwd-1.9/src/eapol.c:78:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_DATA(frame, 0), encr, sizeof(encr));
data/iwd-1.9/src/eapol.c:292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, frame->eapol_key_iv, 16);
data/iwd-1.9/src/eapol.c:293:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + 16, kek, 16);
data/iwd-1.9/src/eapol.c:418:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr + key_data_len, data, data_len);
data/iwd-1.9/src/eapol.c:721:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_DATA(out_frame, mic_len), extra_data,
data/iwd-1.9/src/eapol.c:945:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->installed_gtk, gtk, gtk_len);
data/iwd-1.9/src/eapol.c:962:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->installed_igtk, igtk + 6, igtk_len - 6);
data/iwd-1.9/src/eapol.c:1210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ies + ies_len, mde, mde[1] + 2);
data/iwd-1.9/src/eapol.c:1213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ies + ies_len, fte, fte[1] + 2);
data/iwd-1.9/src/eapol.c:1239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(step2), mic, sm->mic_len);
data/iwd-1.9/src/eapol.c:1298:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ek->key_rsc, sm->handshake->gtk_rsc, 6);
data/iwd-1.9/src/eapol.c:1306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_data_buf, sm->handshake->authenticator_ie, rsne_len);
data/iwd-1.9/src/eapol.c:1700:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(step4), mic, sm->mic_len);
data/iwd-1.9/src/eapol.c:1873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(step2), mic, sm->mic_len);
data/iwd-1.9/src/eapol.c:2055:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->data, eap_data, len);
data/iwd-1.9/src/eapol.c:2510:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->data, data, data_len);
data/iwd-1.9/src/eapol.c:2594:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->pmk, msk_data, 32);
data/iwd-1.9/src/eapol.c:2631:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->aa, aa, 6);
data/iwd-1.9/src/eapol.c:2632:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->spa, hs->spa, 6);
data/iwd-1.9/src/erp.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname_nai[254];
data/iwd-1.9/src/erp.c:277:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[static 17])
data/iwd-1.9/src/erp.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[7] = { 'E', 'M', 'S', 'K', '\0', 0x0, 0x8};
data/iwd-1.9/src/erp.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[256];
data/iwd-1.9/src/erp.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emsk_name[17];
data/iwd-1.9/src/erp.c:395:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, erp->keyname_nai, nai_len);
data/iwd-1.9/src/erp.c:413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[256];
data/iwd-1.9/src/fils.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, fils->nonce, sizeof(fils->nonce));
data/iwd-1.9/src/fils.c:180:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + FILS_NONCE_LEN, fils->anonce, sizeof(fils->anonce));
data/iwd-1.9/src/fils.c:198:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->hs->spa, 6);
data/iwd-1.9/src/fils.c:200:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->hs->aa, 6);
data/iwd-1.9/src/fils.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->nonce, sizeof(fils->nonce));
data/iwd-1.9/src/fils.c:204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->anonce, sizeof(fils->anonce));
data/iwd-1.9/src/fils.c:226:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->nonce, sizeof(fils->nonce));
data/iwd-1.9/src/fils.c:228:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->anonce, sizeof(fils->anonce));
data/iwd-1.9/src/fils.c:230:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->hs->spa, 6);
data/iwd-1.9/src/fils.c:232:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->hs->aa, 6);
data/iwd-1.9/src/fils.c:235:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fils->ick, key_data, hash_len);
data/iwd-1.9/src/fils.c:239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fils->fils_ft, key_data + hash_len + fils->kek_len + 16,
data/iwd-1.9/src/fils.c:305:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, fils->nonce, sizeof(fils->nonce));
data/iwd-1.9/src/fils.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + sizeof(fils->nonce), fils->anonce, sizeof(fils->anonce));
data/iwd-1.9/src/fils.c:308:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fils->kek_and_tk, key_data + hash_len, fils->kek_len + 16);
data/iwd-1.9/src/fils.c:446:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fils->anonce, anonce, FILS_NONCE_LEN);
data/iwd-1.9/src/fils.c:502:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_rsc, iter.data, 8);
data/iwd-1.9/src/fils.c:547:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->anonce, sizeof(fils->anonce));
data/iwd-1.9/src/fils.c:549:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->nonce, sizeof(fils->nonce));
data/iwd-1.9/src/fils.c:551:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->hs->aa, 6);
data/iwd-1.9/src/fils.c:553:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, fils->hs->spa, 6);
data/iwd-1.9/src/frame-xchg.c:312:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8192];
data/iwd-1.9/src/frame-xchg.c:313:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control[32];
data/iwd-1.9/src/frame-xchg.c:1151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, iov->iov_base, iov->iov_len);
data/iwd-1.9/src/ft.c:303:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_info.r0khid, hs->r0khid, hs->r0khid_len);
data/iwd-1.9/src/ft.c:305:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_info.r1khid, hs->r1khid, 6);
data/iwd-1.9/src/ft.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_info.anonce, hs->anonce, 32);
data/iwd-1.9/src/ft.c:308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_info.snonce, hs->snonce, 32);
data/iwd-1.9/src/ft.c:716:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mde + 2, hs->mde + 2, 3);
data/iwd-1.9/src/ft.c:738:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_info.r0khid, hs->r0khid, hs->r0khid_len);
data/iwd-1.9/src/ft.c:741:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_info.snonce, hs->snonce, 32);
data/iwd-1.9/src/handshake.c:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->pmk, pmk, pmk_len);
data/iwd-1.9/src/handshake.c:123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->ptk, ptk, ptk_len);
data/iwd-1.9/src/handshake.c:214:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->ssid, ssid, ssid_len);
data/iwd-1.9/src/handshake.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->r0khid, r0khid, r0khid_len);
data/iwd-1.9/src/handshake.c:241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->r1khid, r1khid, 6);
data/iwd-1.9/src/handshake.c:267:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->fils_ft, fils_ft, fils_ft_len);
data/iwd-1.9/src/handshake.c:303:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->anonce, anonce, 32);
data/iwd-1.9/src/handshake.c:612:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->pmkid, pmkid, 16);
data/iwd-1.9/src/handshake.c:622:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_pmkid, s->pmkid, 16);
data/iwd-1.9/src/handshake.c:657:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->gtk, key, key_len);
data/iwd-1.9/src/handshake.c:659:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->gtk_rsc, rsc, 6);
data/iwd-1.9/src/handshake.c:864:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, key, key_len);
data/iwd-1.9/src/ie.c:35:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char ieee_oui[3] = { 0x00, 0x0f, 0xac };
data/iwd-1.9/src/ie.c:36:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char microsoft_oui[3] = { 0x00, 0x50, 0xf2 };
data/iwd-1.9/src/ie.c:37:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char wifi_alliance_oui[3] = { 0x50, 0x6f, 0x9a };
data/iwd-1.9/src/ie.c:160:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + concat_len, data + 4, ie_len - 4);
data/iwd-1.9/src/ie.c:257:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + offset, oui, 3);
data/iwd-1.9/src/ie.c:260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + offset, data, ie_len);
data/iwd-1.9/src/ie.c:375:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ie_tlv_builder_get_data(builder), data, len);
data/iwd-1.9/src/ie.c:814:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_info, &info, sizeof(info));
data/iwd-1.9/src/ie.c:859:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_info, &info, sizeof(info));
data/iwd-1.9/src/ie.c:886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, oui, 3);
data/iwd-1.9/src/ie.c:890:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, oui, 3);
data/iwd-1.9/src/ie.c:894:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, oui, 3);
data/iwd-1.9/src/ie.c:898:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, oui, 3);
data/iwd-1.9/src/ie.c:902:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, oui, 3);
data/iwd-1.9/src/ie.c:906:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, oui, 3);
data/iwd-1.9/src/ie.c:910:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, oui, 3);
data/iwd-1.9/src/ie.c:920:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((data), (oui), 3); \
data/iwd-1.9/src/ie.c:1125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + pos, info->pmkids, 16 * info->num_pmkids);
data/iwd-1.9/src/ie.c:1212:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + pos, wifi_alliance_oui, 3);
data/iwd-1.9/src/ie.c:1474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_info, &info, sizeof(info));
data/iwd-1.9/src/ie.c:1532:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + pos, microsoft_oui, 3);
data/iwd-1.9/src/ie.c:2258:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->mic, data + 2, mic_len);
data/iwd-1.9/src/ie.c:2260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->anonce, data + mic_len + 2, 32);
data/iwd-1.9/src/ie.c:2262:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->snonce, data + mic_len + 34, 32);
data/iwd-1.9/src/ie.c:2276:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->r1khid, data, 6);
data/iwd-1.9/src/ie.c:2295:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->gtk_rsc, data + 3, 8);
data/iwd-1.9/src/ie.c:2296:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->gtk, data + 11, subelem_len - 11);
data/iwd-1.9/src/ie.c:2304:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->r0khid, data, subelem_len);
data/iwd-1.9/src/ie.c:2314:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->igtk_ipn, data + 2, 6);
data/iwd-1.9/src/ie.c:2320:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->igtk, data + 9, subelem_len - 9);
data/iwd-1.9/src/ie.c:2365:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + 2, info->mic, mic_len);
data/iwd-1.9/src/ie.c:2367:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + mic_len + 2, info->anonce, 32);
data/iwd-1.9/src/ie.c:2369:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + mic_len + 34, info->snonce, 32);
data/iwd-1.9/src/ie.c:2376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + 2, info->r1khid, 6);
data/iwd-1.9/src/ie.c:2386:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to + 2, info->r0khid, info->r0khid_len);
data/iwd-1.9/src/ie.c:2418:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->addr, data + 0, 6);
data/iwd-1.9/src/ie.c:2540:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, wifi_alliance_oui, 3);
data/iwd-1.9/src/ie.c:2545:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, rc, rc_len);
data/iwd-1.9/src/ie.c:2631:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, wifi_alliance_oui, 3);
data/iwd-1.9/src/ie.h:306:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_BUILDER_SIZE];
data/iwd-1.9/src/ie.h:398:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char ieee_oui[3];
data/iwd-1.9/src/ie.h:399:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char microsoft_oui[3];
data/iwd-1.9/src/ie.h:400:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char wifi_alliance_oui[3];
data/iwd-1.9/src/knownnetworks.c:78:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[256];
data/iwd-1.9/src/knownnetworks.c:204:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return info->ops->open(info);
data/iwd-1.9/src/knownnetworks.c:273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->uuid, uuid, 16);
data/iwd-1.9/src/knownnetworks.c:589:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
settings = network->ops->open(network);
data/iwd-1.9/src/knownnetworks.c:607:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datestr[64];
data/iwd-1.9/src/knownnetworks.c:658:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uuid[37];
data/iwd-1.9/src/knownnetworks.c:950:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char group[37];
data/iwd-1.9/src/knownnetworks.h:33:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
struct l_settings *(*open)(struct network_info *info);
data/iwd-1.9/src/knownnetworks.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[33];
data/iwd-1.9/src/manager.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[10];
data/iwd-1.9/src/mpdu.c:83:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iter, &tmp, sizeof(tmp));
data/iwd-1.9/src/mpdu.h:270:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char address_1[6];
data/iwd-1.9/src/mpdu.h:271:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char address_2[6];
data/iwd-1.9/src/mpdu.h:272:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char address_3[6];
data/iwd-1.9/src/mpdu.h:349:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char current_ap_address[6];
data/iwd-1.9/src/mschaputil.c:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, password_hash, 16);
data/iwd-1.9/src/mschaputil.c:155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *username,
data/iwd-1.9/src/mschaputil.c:192:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *user, uint8_t response[static 24])
data/iwd-1.9/src/mschaputil.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, password_hash, 16);
data/iwd-1.9/src/mschaputil.c:256:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *user, char response[static 42])
data/iwd-1.9/src/mschaputil.c:256:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *user, char response[static 42])
data/iwd-1.9/src/mschaputil.c:309:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(response + 2, ascii, 40);
data/iwd-1.9/src/mschaputil.h:35:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *user,
data/iwd-1.9/src/mschaputil.h:43:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *user, char response[static 42]);
data/iwd-1.9/src/mschaputil.h:43:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *user, char response[static 42]);
data/iwd-1.9/src/netdev.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ];
data/iwd-1.9/src/netdev.c:308:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[256];
data/iwd-1.9/src/netdev.c:1184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tk_buf, tk, 16);
data/iwd-1.9/src/netdev.c:1201:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY,
data/iwd-1.9/src/netdev.c:1203:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
data/iwd-1.9/src/netdev.c:1205:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
data/iwd-1.9/src/netdev.c:1208:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_ENCR_KEY,
data/iwd-1.9/src/netdev.c:1210:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY,
data/iwd-1.9/src/netdev.c:1212:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tk_buf + NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY,
data/iwd-1.9/src/netdev.c:1300:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(igtk_buf, igtk, 16);
data/iwd-1.9/src/netdev.c:2434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iov + iov_elems, vendor_ies,
data/iwd-1.9/src/netdev.c:2627:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_addr, netdev->handshake->spa, ETH_ALEN);
data/iwd-1.9/src/netdev.c:2856:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->prev_bssid, orig_bss->addr, ETH_ALEN);
data/iwd-1.9/src/netdev.c:3052:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->handshake->snonce, netdev->prev_snonce, 32);
data/iwd-1.9/src/netdev.c:3153:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_req + 2, netdev->addr, 6);
data/iwd-1.9/src/netdev.c:3154:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ft_req + 8, hs->aa, 6);
data/iwd-1.9/src/netdev.c:3158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iovs + 1, iov, sizeof(*iov) * iov_len);
data/iwd-1.9/src/netdev.c:3171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->handshake->snonce, netdev->prev_snonce, 32);
data/iwd-1.9/src/netdev.c:3204:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->prev_bssid, netdev->handshake->aa, ETH_ALEN);
data/iwd-1.9/src/netdev.c:3205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->prev_snonce, netdev->handshake->snonce, 32);
data/iwd-1.9/src/netdev.c:3218:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);
data/iwd-1.9/src/netdev.c:3451:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sa_resp + 2, &transaction, 2);
data/iwd-1.9/src/netdev.c:3849:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sll.sll_addr, dest, ETH_ALEN);
data/iwd-1.9/src/netdev.c:4029:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->rssi_levels, levels, levels_num);
data/iwd-1.9/src/netdev.c:4346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old_name[IFNAMSIZ];
data/iwd-1.9/src/netdev.c:4361:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(old_addr, netdev->addr, ETH_ALEN);
data/iwd-1.9/src/netdev.c:4375:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->addr, RTA_DATA(attr), ETH_ALEN);
data/iwd-1.9/src/netdev.c:4659:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(netdev->set_mac_once, set_mac, 6);
data/iwd-1.9/src/network.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[33];
data/iwd-1.9/src/network.c:936:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->secret->value, user, len1);
data/iwd-1.9/src/network.c:937:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->secret->value + len1, passwd, len2);
data/iwd-1.9/src/nl80211util.c:415:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(action_frame + 4, to, 6);
data/iwd-1.9/src/nl80211util.c:416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(action_frame + 10, addr, 6);
data/iwd-1.9/src/nl80211util.c:417:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(action_frame + 16, to, 6);
data/iwd-1.9/src/nl80211util.c:421:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iovs + 1, iov, sizeof(*iov) * iov_len);
data/iwd-1.9/src/owe.c:175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, public_key, nbytes);
data/iwd-1.9/src/p2p.c:224:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[256];
data/iwd-1.9/src/p2p.c:335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2p_info.listen_channel.country, dev->listen_country, 3);
data/iwd-1.9/src/p2p.c:391:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 0, wsc_ie, wsc_ie_size);
data/iwd-1.9/src/p2p.c:392:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + wsc_ie_size, p2p_ie, p2p_ie_size);
data/iwd-1.9/src/p2p.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + wsc_ie_size + p2p_ie_size, wfd_ie, wfd_ie_size);
data/iwd-1.9/src/p2p.c:551:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->address_1, peer->device_addr, 6); /* DA */
data/iwd-1.9/src/p2p.c:552:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->address_2, dev->addr, 6); /* SA */
data/iwd-1.9/src/p2p.c:553:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->address_3, bssid, 6); /* BSSID */
data/iwd-1.9/src/p2p.c:561:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame + 1, tx_body, sizeof(struct iovec) * iov_cnt);
data/iwd-1.9/src/p2p.c:940:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr1[32], addr2[32];
data/iwd-1.9/src/p2p.c:961:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->conn_psk, creds[0].psk, 32);
data/iwd-1.9/src/p2p.c:1084:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[32];
data/iwd-1.9/src/p2p.c:1328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bssid_str[18];
data/iwd-1.9/src/p2p.c:1330:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bssid_str, util_address_to_string(dev->go_interface_addr), 18);
data/iwd-1.9/src/p2p.c:1425:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr->country, dev->listen_country, 3);
data/iwd-1.9/src/p2p.c:1670:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dev->go_group_id, &info.group_id,
data/iwd-1.9/src/p2p.c:1821:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->go_interface_addr, req_info.intended_interface_addr, 6);
data/iwd-1.9/src/p2p.c:1839:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp_info.intended_interface_addr, dev->conn_addr, 6);
data/iwd-1.9/src/p2p.c:2032:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dev->go_group_id, &resp_info.group_id,
data/iwd-1.9/src/p2p.c:2034:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->go_interface_addr, resp_info.intended_interface_addr, 6);
data/iwd-1.9/src/p2p.c:2110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.listen_channel.country, dev->listen_country, 3);
data/iwd-1.9/src/p2p.c:2113:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.intended_interface_addr, dev->conn_addr, 6);
data/iwd-1.9/src/p2p.c:2123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.operating_channel.country, dev->listen_country, 3);
data/iwd-1.9/src/p2p.c:2221:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->go_group_id.device_addr, dev->conn_peer->device_addr, 6);
data/iwd-1.9/src/p2p.c:2259:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.group_id.device_addr, dev->conn_peer->bss->addr, 6);
data/iwd-1.9/src/p2p.c:2260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info.group_id.ssid, dev->conn_peer->bss->ssid,
data/iwd-1.9/src/p2p.c:3145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->address_1, dest_addr, 6); /* DA */
data/iwd-1.9/src/p2p.c:3146:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->address_2, dev->addr, 6); /* SA */
data/iwd-1.9/src/p2p.c:3147:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->address_3, dev->addr, 6); /* BSSID */
data/iwd-1.9/src/p2p.c:3583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[HOST_NAME_MAX + 1];
data/iwd-1.9/src/p2p.c:3608:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->addr, ifaddr, ETH_ALEN);
data/iwd-1.9/src/p2p.c:3614:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->addr, ifaddr, ETH_ALEN);
data/iwd-1.9/src/p2p.c:3624:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->device_info.device_addr, dev->addr, 6);
data/iwd-1.9/src/p2p.c:3630:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->device_info.primary_device_type.oui, microsoft_oui, 3);
data/iwd-1.9/src/p2putil.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, attr, 6);
data/iwd-1.9/src/p2putil.c:245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entries->channels, attr, entries->n_channels);
data/iwd-1.9/src/p2putil.c:310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->device_addr, attr + 0, 6);
data/iwd-1.9/src/p2putil.c:346:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->device_name, attr + 17 + types_num * 8 + 4, name_len);
data/iwd-1.9/src/p2putil.c:379:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(desc->device_addr, attr + 0, 6);
data/iwd-1.9/src/p2putil.c:380:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(desc->interface_addr, attr + 6, 6);
data/iwd-1.9/src/p2putil.c:417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(desc->device_name, attr + 24 + types_num * 8 + 4,
data/iwd-1.9/src/p2putil.c:442:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->device_addr, attr + 0, 6);
data/iwd-1.9/src/p2putil.c:443:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->ssid, attr + 6, len - 6);
data/iwd-1.9/src/p2putil.c:462:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->device_addr, attr + 0, 6);
data/iwd-1.9/src/p2putil.c:514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->data, data, len);
data/iwd-1.9/src/p2putil.c:528:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->service_mac_addr, attr + 4, 6);
data/iwd-1.9/src/p2putil.c:591:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->session_mac_addr, attr + 4, 6);
data/iwd-1.9/src/p2putil.c:786:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:812:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:842:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:865:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:989:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1050:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1084:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1139:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1225:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1297:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1377:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1400:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1453:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &d, sizeof(d));
data/iwd-1.9/src/p2putil.c:1687:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->buf + builder->offset + 3 + builder->curlen,
data/iwd-1.9/src/p2putil.c:1698:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->buf + builder->offset + 3 + builder->curlen, oui, 3);
data/iwd-1.9/src/p2putil.c:2288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + pos, p2p_ie, p2p_ie_len);
data/iwd-1.9/src/p2putil.c:2294:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + pos, wsc_ie, wsc_ie_len);
data/iwd-1.9/src/p2putil.c:2300:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret + pos, wfd_ie, wfd_ie_len);
data/iwd-1.9/src/p2putil.h:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char country[3];
data/iwd-1.9/src/p2putil.h:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char country[3];
data/iwd-1.9/src/p2putil.h:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[33];
data/iwd-1.9/src/p2putil.h:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[33];
data/iwd-1.9/src/p2putil.h:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[33];
data/iwd-1.9/src/rfkill.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/iwd-1.9/src/rfkill.c:87:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = L_TFR(open(path, O_RDONLY));
data/iwd-1.9/src/rfkill.c:282:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = L_TFR(open("/dev/rfkill", O_RDWR | O_CLOEXEC));
data/iwd-1.9/src/rrm.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[33]; /* Request filtered by SSID */
data/iwd-1.9/src/rrm.c:241:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, report, report_len);
data/iwd-1.9/src/rrm.c:287:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(report->bssid, bss->addr, 6);
data/iwd-1.9/src/rrm.c:546:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(beacon->bssid, request + 7, 6);
data/iwd-1.9/src/rrm.c:563:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(beacon->ssid, data, length);
data/iwd-1.9/src/sae.c:89:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, addr1, 6);
data/iwd-1.9/src/sae.c:90:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + 6, addr2, 6);
data/iwd-1.9/src/sae.c:92:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, addr2, 6);
data/iwd-1.9/src/sae.c:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + 6, addr1, 6);
data/iwd-1.9/src/sae.c:432:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, sm->token, sm->token_len);
data/iwd-1.9/src/sae.c:463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, confirm, 32);
data/iwd-1.9/src/sae.c:579:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->kck, kck_and_pmk[0], 32);
data/iwd-1.9/src/sae.c:580:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->pmk, kck_and_pmk[1], 32);
data/iwd-1.9/src/sae.c:592:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->pmkid, tmp, 16);
data/iwd-1.9/src/sae.c:1137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->peer, sm->handshake->spa, 6);
data/iwd-1.9/src/sae.c:1139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sm->peer, sm->handshake->aa, 6);
data/iwd-1.9/src/scan.c:942:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->ssid, iter.data, iter.len);
data/iwd-1.9/src/scan.c:951:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->supp_rates_ie, iter.data - 2, iter.len + 2);
data/iwd-1.9/src/scan.c:978:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->mde, iter.data, iter.len);
data/iwd-1.9/src/scan.c:1007:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->ht_ie, iter.data - 2, iter.len + 2);
data/iwd-1.9/src/scan.c:1015:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->vht_ie, iter.data - 2, iter.len + 2);
data/iwd-1.9/src/scan.c:1032:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->hessid, iter.data + 3, 6);
data/iwd-1.9/src/scan.c:1034:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->hessid, iter.data + 1, 6);
data/iwd-1.9/src/scan.c:1130:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->addr, data, len);
data/iwd-1.9/src/scan.c:1346:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bss->addr, mpdu->address_2, 6);
data/iwd-1.9/src/simutil.c:149:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, H, sizeof(H));
data/iwd-1.9/src/simutil.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, ck, EAP_AKA_CK_LEN);
data/iwd-1.9/src/simutil.c:165:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + EAP_AKA_CK_LEN, ik, EAP_AKA_IK_LEN);
data/iwd-1.9/src/simutil.c:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ck_p, digest, EAP_AKA_CK_LEN);
data/iwd-1.9/src/simutil.c:189:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ik_p, digest + EAP_AKA_CK_LEN, EAP_AKA_IK_LEN);
data/iwd-1.9/src/simutil.c:210:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, ik_p, EAP_AKA_IK_LEN);
data/iwd-1.9/src/simutil.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + EAP_AKA_IK_LEN, ck_p, EAP_AKA_CK_LEN);
data/iwd-1.9/src/simutil.c:234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, digest, 32);
data/iwd-1.9/src/simutil.c:245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_encr, pos, EAP_SIM_K_ENCR_LEN);
data/iwd-1.9/src/simutil.c:247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_aut, pos, EAP_AKA_PRIME_K_AUT_LEN);
data/iwd-1.9/src/simutil.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_re, pos, EAP_AKA_K_RE_LEN);
data/iwd-1.9/src/simutil.c:251:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msk, pos, EAP_SIM_MSK_LEN);
data/iwd-1.9/src/simutil.c:253:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emsk, pos, EAP_SIM_EMSK_LEN);
data/iwd-1.9/src/simutil.c:270:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xkey, seed, slen);
data/iwd-1.9/src/simutil.c:277:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w_i, t, sizeof(t));
data/iwd-1.9/src/simutil.c:283:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, w_i, 20);
data/iwd-1.9/src/simutil.c:308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_encr, pos, EAP_SIM_K_ENCR_LEN);
data/iwd-1.9/src/simutil.c:312:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k_aut, pos, EAP_SIM_K_AUT_LEN);
data/iwd-1.9/src/simutil.c:315:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msk, pos, EAP_SIM_MSK_LEN);
data/iwd-1.9/src/simutil.c:317:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(emsk, pos, EAP_SIM_EMSK_LEN);
data/iwd-1.9/src/simutil.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + pos, data, dlen);
data/iwd-1.9/src/station.c:264:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[256];
data/iwd-1.9/src/station.c:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[33];
data/iwd-1.9/src/station.c:328:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssid, bss->ssid, bss->ssid_len);
data/iwd-1.9/src/station.c:877:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mde + 2, bss->mde, 3);
data/iwd-1.9/src/station.c:1630:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(station->preauth_bssid, bss->addr, ETH_ALEN);
data/iwd-1.9/src/storage.c:99:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = L_TFR(open(path, O_RDONLY));
data/iwd-1.9/src/storage.c:296:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[67];
data/iwd-1.9/src/storage.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, filename, end - filename);
data/iwd-1.9/src/storage.c:328:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, filename + 1, end - filename - 1);
data/iwd-1.9/src/util.c:38:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[3* 32 + 1];
data/iwd-1.9/src/util.c:60:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[pos], start, bytes);
data/iwd-1.9/src/util.c:63:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[pos], replacement, sizeof(replacement));
data/iwd-1.9/src/util.c:71:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[pos], start, i);
data/iwd-1.9/src/util.c:107:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[18];
data/iwd-1.9/src/util.c:109:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x",
data/iwd-1.9/src/util.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_addr, addr, sizeof(addr));
data/iwd-1.9/src/util.c:177:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char domain[256];
data/iwd-1.9/src/util.c:185:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(domain, identity, c - identity);
data/iwd-1.9/src/util.c:201:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char username[256];
data/iwd-1.9/src/util.c:212:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(username, identity, c - identity);
data/iwd-1.9/src/wiphy.c:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char regdom_country[2];
data/iwd-1.9/src/wiphy.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/iwd-1.9/src/wiphy.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regdom_country[2];
data/iwd-1.9/src/wiphy.c:326:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[256];
data/iwd-1.9/src/wiphy.c:507:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, wiphy->permanent_addr, 3);
data/iwd-1.9/src/wiphy.c:536:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wiphy_generate_address_from_ssid(struct wiphy *wiphy, const char *ssid,
data/iwd-1.9/src/wiphy.c:633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/iwd-1.9/src/wiphy.c:643:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(buf + len, "\tBands:");
data/iwd-1.9/src/wiphy.c:646:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(buf + len, " 2.4 GHz");
data/iwd-1.9/src/wiphy.c:649:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(buf + len, " 5 GHz");
data/iwd-1.9/src/wiphy.c:657:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(buf + len, "\tCiphers:");
data/iwd-1.9/src/wiphy.c:660:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(buf + len, " CCMP");
data/iwd-1.9/src/wiphy.c:663:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(buf + len, " TKIP");
data/iwd-1.9/src/wiphy.c:666:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len += sprintf(buf + len, " BIP");
data/iwd-1.9/src/wiphy.c:909:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wiphy->iftype_extended_capabilities[iftype] + 2,
data/iwd-1.9/src/wiphy.c:938:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wiphy->ext_features, data, len);
data/iwd-1.9/src/wiphy.c:977:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wiphy->extended_capabilities + 2,
data/iwd-1.9/src/wiphy.c:999:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver_path[256];
data/iwd-1.9/src/wiphy.c:1018:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[32];
data/iwd-1.9/src/wiphy.c:1047:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modalias[128];
data/iwd-1.9/src/wiphy.c:1148:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wiphy->iftype_extended_capabilities[
data/iwd-1.9/src/wiphy.c:1397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/iwd-1.9/src/wiphy.c:1410:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "phy%d", wiphy->id);
data/iwd-1.9/src/wiphy.h:104:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void wiphy_generate_address_from_ssid(struct wiphy *wiphy, const char *ssid,
data/iwd-1.9/src/wsc.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsce->creds[wsce->n_creds].ssid, cred->ssid, cred->ssid_len);
data/iwd-1.9/src/wsc.c:209:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsce->creds[wsce->n_creds].psk, decoded, 32);
data/iwd-1.9/src/wsc.c:236:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsce->creds[wsce->n_creds].addr, cred->addr, 6);
data/iwd-1.9/src/wsc.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ie_iov + 1, ies, sizeof(struct iovec) * ies_num);
data/iwd-1.9/src/wsc.c:761:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid_2g, probe_response.uuid_e, 16);
data/iwd-1.9/src/wsc.c:771:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uuid_5g, probe_response.uuid_e, 16);
data/iwd-1.9/src/wsc.c:818:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/iwd-1.9/src/wsc.c:976:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req.primary_device_type.oui, wfa_oui, 3);
data/iwd-1.9/src/wsc.c:1128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pin[9];
data/iwd-1.9/src/wsc.h:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[33];
data/iwd-1.9/src/wsc.h:28:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passphrase[64];
data/iwd-1.9/src/wscutil.c:38:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char wsc_wfa_oui[3] = { 0x00, 0x37, 0x2a };
data/iwd-1.9/src/wscutil.c:173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, wsc_attr_iter_get_data(iter), 16);
data/iwd-1.9/src/wscutil.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, wsc_attr_iter_get_data(iter), 32);
data/iwd-1.9/src/wscutil.c:191:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, wsc_attr_iter_get_data(iter), 8);
data/iwd-1.9/src/wscutil.c:217:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, p, i);
data/iwd-1.9/src/wscutil.c:244:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, p, i);
data/iwd-1.9/src/wscutil.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, wsc_attr_iter_get_data(iter), 16);
data/iwd-1.9/src/wscutil.c:326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, wsc_attr_iter_get_data(iter), 6);
data/iwd-1.9/src/wscutil.c:430:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, wsc_attr_iter_get_data(iter), 192);
data/iwd-1.9/src/wscutil.c:447:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->oui, pdu + 2, 3);
data/iwd-1.9/src/wscutil.c:876:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, wsc_wfa_ext_iter_get_data(iter), len);
data/iwd-1.9/src/wscutil.c:929:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->ssid, ssid.iov_base, ssid.iov_len);
data/iwd-1.9/src/wscutil.c:938:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->network_key, network_key.iov_base, network_key.iov_len);
data/iwd-1.9/src/wscutil.c:1497:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->new_password, np.iov_base, np.iov_len);
data/iwd-1.9/src/wscutil.c:1693:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->buf + builder->offset + builder->curlen, bytes, size);
data/iwd-1.9/src/wscutil.c:1705:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->buf + builder->offset + builder->curlen, oui, 3);
data/iwd-1.9/src/wscutil.c:1726:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(builder->buf + builder->offset + builder->curlen, string, len);
data/iwd-1.9/src/wscutil.c:3044:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->oui, microsoft_oui, 3);
data/iwd-1.9/src/wscutil.h:263:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char wsc_wfa_oui[3];
data/iwd-1.9/src/wscutil.h:371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[65];
data/iwd-1.9/src/wscutil.h:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[33];
data/iwd-1.9/src/wscutil.h:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_number[33];
data/iwd-1.9/src/wscutil.h:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_number[33];
data/iwd-1.9/src/wscutil.h:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[33];
data/iwd-1.9/src/wscutil.h:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[65];
data/iwd-1.9/src/wscutil.h:394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[33];
data/iwd-1.9/src/wscutil.h:395:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_number[33];
data/iwd-1.9/src/wscutil.h:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_number[33];
data/iwd-1.9/src/wscutil.h:397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[33];
data/iwd-1.9/src/wscutil.h:423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[65];
data/iwd-1.9/src/wscutil.h:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[33];
data/iwd-1.9/src/wscutil.h:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_number[33];
data/iwd-1.9/src/wscutil.h:426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_number[33];
data/iwd-1.9/src/wscutil.h:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[33];
data/iwd-1.9/src/wscutil.h:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[65];
data/iwd-1.9/src/wscutil.h:448:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[33];
data/iwd-1.9/src/wscutil.h:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_number[33];
data/iwd-1.9/src/wscutil.h:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_number[33];
data/iwd-1.9/src/wscutil.h:452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_name[33];
data/iwd-1.9/tools/hwsim.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alpha2[2] = { };
data/iwd-1.9/tools/hwsim.c:296:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&alpha2, data, len);
data/iwd-1.9/tools/hwsim.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alpha2[2];
data/iwd-1.9/tools/hwsim.c:430:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[15];
data/iwd-1.9/tools/hwsim.c:438:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[25];
data/iwd-1.9/tools/hwsim.c:474:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char path[16];
data/iwd-1.9/tools/hwsim.c:488:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[20];
data/iwd-1.9/tools/hwsim.c:500:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, buf + start_pos, pos - start_pos);
data/iwd-1.9/tools/hwsim.c:603:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec->alpha2, data, 2);
data/iwd-1.9/tools/hwsim.c:833:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec->addr, addr, ETH_ALEN);
data/iwd-1.9/tools/hwsim.c:1038:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec->addr, RTA_DATA(attr), ETH_ALEN);
data/iwd-1.9/tools/hwsim.c:1547:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->src_ether_addr, mpdu->address_2, ETH_ALEN);
data/iwd-1.9/tools/hwsim.c:1548:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->dst_ether_addr, mpdu->address_1, ETH_ALEN);
data/iwd-1.9/tools/hwsim.c:2408:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
radio_id = atoi(options);
data/iwd-1.9/tools/hwsim.c:2462:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
radio_id = atoi(options);
data/iwd-1.9/tools/probe-req.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wdev_addr, ifaddr, 6);
data/iwd-1.9/tools/probe-req.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->address_1, bcast_addr, 6); /* DA */
data/iwd-1.9/tools/probe-req.c:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->address_2, wdev_addr, 6); /* SA */
data/iwd-1.9/tools/probe-req.c:185:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->address_3, bcast_addr, 6); /* BSSID */
data/iwd-1.9/tools/probe-req.c:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) mmpdu_body(hdr), probe_req_body, sizeof(probe_req_body));
data/iwd-1.9/tools/test-runner.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char log_dir[PATH_MAX];
data/iwd-1.9/tools/test-runner.c:94:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char top_level_path[PATH_MAX];
data/iwd-1.9/tools/test-runner.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/iwd-1.9/tools/test-runner.c:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX], testargs[PATH_MAX];
data/iwd-1.9/tools/test-runner.c:460:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argv, qemu_argv, sizeof(qemu_argv));
data/iwd-1.9/tools/test-runner.c:575:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_WRONLY);
data/iwd-1.9/tools/test-runner.c:589:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(log_file, O_WRONLY | O_CREAT | O_APPEND,
data/iwd-1.9/tools/test-runner.c:666:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/usr/share/dbus-1/system.conf", "we");
data/iwd-1.9/tools/test-runner.c:699:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/iwd-1.9/tools/test-runner.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/iwd-1.9/tools/test-runner.c:746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *state, *argv[4];
data/iwd-1.9/tools/test-runner.c:768:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[9];
data/iwd-1.9/tools/test-runner.c:790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[5];
data/iwd-1.9/tools/test-runner.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/iwd-1.9/tools/test-runner.c:824:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/iwd-1.9/tools/test-runner.c:856:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[10];
data/iwd-1.9/tools/test-runner.c:888:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/iwd-1.9/tools/test-runner.c:889:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char destroy_param[20];
data/iwd-1.9/tools/test-runner.c:892:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(destroy_param, "--destroy=%d", radio_id);
data/iwd-1.9/tools/test-runner.c:907:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[16];
data/iwd-1.9/tools/test-runner.c:932:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[7];
data/iwd-1.9/tools/test-runner.c:955:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[5];
data/iwd-1.9/tools/test-runner.c:977:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[5];
data/iwd-1.9/tools/test-runner.c:1283:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(wiphy->name, "rad%d", i);
data/iwd-1.9/tools/test-runner.c:1515:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[13], **envp;
data/iwd-1.9/tools/test-runner.c:1537:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(valgrind_log, O_WRONLY | O_CREAT | O_APPEND,
data/iwd-1.9/tools/test-runner.c:1619:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[6];
data/iwd-1.9/tools/test-runner.c:1774:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(interval_str, "%.3f sec", interval);
data/iwd-1.9/tools/test-runner.c:1852:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3];
data/iwd-1.9/tools/test-runner.c:1973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep_line[80];
data/iwd-1.9/tools/test-runner.c:2032:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size += sprintf(var + size, "iwd");
data/iwd-1.9/tools/test-runner.c:2042:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[5];
data/iwd-1.9/tools/test-runner.c:2397:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep_line[80];
data/iwd-1.9/tools/test-runner.c:2571:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[2];
data/iwd-1.9/tools/test-runner.c:2844:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[CMDLINE_MAX], *ptr, *cmds;
data/iwd-1.9/tools/test-runner.c:2849:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/proc/cmdline", "re");
data/iwd-1.9/tools/test-runner.c:2870:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_gid = atoi(test_action_str);
data/iwd-1.9/tools/test-runner.c:2879:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_uid = atoi(test_action_str);
data/iwd-1.9/tools/test-runner.c:2901:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shell = atoi(test_action_str);
data/iwd-1.9/tools/test-runner.c:3002:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
test_action = (enum action) atoi(test_action_str);
data/iwd-1.9/unit/test-cmac-aes.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tag[test->tag_len];
data/iwd-1.9/unit/test-cmac-aes.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_str[test->tag_len * 2 + 1];
data/iwd-1.9/unit/test-cmac-aes.c:52:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tag_str + (i * 2), "%02x", test->tag[i]);
data/iwd-1.9/unit/test-cmac-aes.c:62:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tag_str + (i * 2), "%02x", tag[i]);
data/iwd-1.9/unit/test-cmac-aes.c:69:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char key[16] = {
data/iwd-1.9/unit/test-cmac-aes.c:74:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char msg[64] = {
data/iwd-1.9/unit/test-cmac-aes.c:85:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag_1[16] = {
data/iwd-1.9/unit/test-cmac-aes.c:90:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag_2[16] = {
data/iwd-1.9/unit/test-cmac-aes.c:95:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag_3[16] = {
data/iwd-1.9/unit/test-cmac-aes.c:100:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag_4[16] = {
data/iwd-1.9/unit/test-crypto.c:79:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[32];
data/iwd-1.9/unit/test-crypto.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psk[65];
data/iwd-1.9/unit/test-crypto.c:98:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(psk + (i * 2), "%02x", output[i]);
data/iwd-1.9/unit/test-crypto.c:117:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pmk_data_1[32] = {
data/iwd-1.9/unit/test-crypto.c:124:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char aa_data_1[6] = {
data/iwd-1.9/unit/test-crypto.c:128:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char spa_data_1[6] = {
data/iwd-1.9/unit/test-crypto.c:132:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char snonce_data_1[32] = {
data/iwd-1.9/unit/test-crypto.c:139:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char anonce_data_1[32] = {
data/iwd-1.9/unit/test-crypto.c:190:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pmk_data_3[32] = {
data/iwd-1.9/unit/test-crypto.c:197:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char aa_data_3[6] = {
data/iwd-1.9/unit/test-crypto.c:201:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char spa_data_3[6] = {
data/iwd-1.9/unit/test-crypto.c:205:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char snonce_data_3[32] = {
data/iwd-1.9/unit/test-crypto.c:212:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char anonce_data_3[32] = {
data/iwd-1.9/unit/test-crypto.c:249:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char pmk_data_4[32] = {
data/iwd-1.9/unit/test-crypto.c:256:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char aa_data_4[6] = {
data/iwd-1.9/unit/test-crypto.c:260:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char spa_data_4[6] = {
data/iwd-1.9/unit/test-crypto.c:264:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char snonce_data_4[32] = {
data/iwd-1.9/unit/test-crypto.c:271:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char anonce_data_4[32] = {
data/iwd-1.9/unit/test-crypto.c:355:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, key_data, sizeof(key_data));
data/iwd-1.9/unit/test-crypto.c:362:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ciphertext, sizeof(ciphertext));
data/iwd-1.9/unit/test-eap-mschapv2.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[43];
data/iwd-1.9/unit/test-eap-sim.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt, ex_pkt, 8);
data/iwd-1.9/unit/test-eap-sim.c:188:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt + pos, ex_sres, 12);
data/iwd-1.9/unit/test-eapol.c:1757:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char psk[32];
data/iwd-1.9/unit/test-eapol.c:1772:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(anonce, step1->key_nonce, sizeof(step1->key_nonce));
data/iwd-1.9/unit/test-eapol.c:1778:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(snonce, step2->key_nonce, sizeof(step2->key_nonce));
data/iwd-1.9/unit/test-eapol.c:1800:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(frame), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:1840:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char psk[32];
data/iwd-1.9/unit/test-eapol.c:1857:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(anonce, ptk_step1->key_nonce, sizeof(ptk_step1->key_nonce));
data/iwd-1.9/unit/test-eapol.c:1863:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(snonce, ptk_step2->key_nonce, sizeof(ptk_step2->key_nonce));
data/iwd-1.9/unit/test-eapol.c:1885:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(frame), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:1916:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(frame), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:1947:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(frame), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:1969:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char psk[32];
data/iwd-1.9/unit/test-eapol.c:1986:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(anonce, ptk_step1->key_nonce, sizeof(ptk_step1->key_nonce));
data/iwd-1.9/unit/test-eapol.c:1992:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(snonce, ptk_step2->key_nonce, sizeof(ptk_step2->key_nonce));
data/iwd-1.9/unit/test-eapol.c:2014:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(frame), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:2042:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(frame), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:2069:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(frame), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:2136:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nonce, snonce, 32);
data/iwd-1.9/unit/test-eapol.c:2514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(EAPOL_KEY_MIC(ret), mic, sizeof(mic));
data/iwd-1.9/unit/test-eapol.c:2525:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char psk[32];
data/iwd-1.9/unit/test-eapol.c:2845:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->tx_buf + s->tx_buf_len, data, len);
data/iwd-1.9/unit/test-eapol.c:3009:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tx_buf + tx_len, s->tx_buf + s->tx_buf_offset, data_len);
data/iwd-1.9/unit/test-eapol.c:3079:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(step1_buf, eapol_key_data_13, sizeof(eapol_key_data_13));
data/iwd-1.9/unit/test-eapol.c:3083:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(step2_buf, eapol_key_data_14, sizeof(eapol_key_data_14));
data/iwd-1.9/unit/test-eapol.c:3087:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(step3_buf, eapol_key_data_15, sizeof(eapol_key_data_15));
data/iwd-1.9/unit/test-eapol.c:3091:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(step4_buf, eapol_key_data_16, sizeof(eapol_key_data_16));
data/iwd-1.9/unit/test-eapol.c:3549:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->to_sta_data, ef, len);
data/iwd-1.9/unit/test-eapol.c:3641:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ths->s->ap_tk, tk, 16);
data/iwd-1.9/unit/test-eapol.c:3645:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ths->s->sta_tk, tk, 16);
data/iwd-1.9/unit/test-hmac-md5.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[512];
data/iwd-1.9/unit/test-hmac-md5.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hmac[128];
data/iwd-1.9/unit/test-hmac-md5.c:61:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hmac + (i * 2), "%02x", output[i]);
data/iwd-1.9/unit/test-hmac-sha1.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[512];
data/iwd-1.9/unit/test-hmac-sha1.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hmac[128];
data/iwd-1.9/unit/test-hmac-sha1.c:61:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hmac + (i * 2), "%02x", output[i]);
data/iwd-1.9/unit/test-hmac-sha256.c:46:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[512];
data/iwd-1.9/unit/test-hmac-sha256.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hmac[128];
data/iwd-1.9/unit/test-hmac-sha256.c:61:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hmac + (i * 2), "%02x", output[i]);
data/iwd-1.9/unit/test-ie.c:143:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ie_tlv_builder_get_data(builder), value, len);
data/iwd-1.9/unit/test-ie.c:304:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ie_tlv_builder_get_data(&builder), expected + 3, 4);
data/iwd-1.9/unit/test-kdf-sha256.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[512];
data/iwd-1.9/unit/test-kdf-sha256.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kdf[128];
data/iwd-1.9/unit/test-kdf-sha256.c:64:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(kdf + (i * 2), "%02x", output[i]);
data/iwd-1.9/unit/test-mpdu.c:39:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char dest[6];
data/iwd-1.9/unit/test-mpdu.c:40:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char src[6];
data/iwd-1.9/unit/test-mpdu.c:41:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char bssid[6];
data/iwd-1.9/unit/test-prf-sha1.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[512];
data/iwd-1.9/unit/test-prf-sha1.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prf[1024];
data/iwd-1.9/unit/test-prf-sha1.c:64:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prf + (i * 2), "%02x", output[i]);
data/iwd-1.9/unit/test-sae.c:107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(td->tx_packet, frame, len);
data/iwd-1.9/unit/test-sae.c:205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->hdr.address_2, addr, 6);
data/iwd-1.9/unit/test-sae.c:216:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->auth.ies, data, len);
data/iwd-1.9/unit/test-sae.c:275:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_packet, td->tx_packet, td->tx_packet_len);
data/iwd-1.9/unit/test-sae.c:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_packet, td->tx_packet, td->tx_packet_len);
data/iwd-1.9/unit/test-sae.c:301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extra + 2, td->test_clogging_token, 32);
data/iwd-1.9/unit/test-sae.c:329:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(first_commit, td->tx_packet, td->tx_packet_len);
data/iwd-1.9/unit/test-sae.c:441:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(td->tx_packet, frame, len);
data/iwd-1.9/unit/test-sae.c:479:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_commit, td1->tx_packet, td1->tx_packet_len);
data/iwd-1.9/unit/test-sae.c:554:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_commit, td1->tx_packet, td1->tx_packet_len);
data/iwd-1.9/unit/test-sae.c:648:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp_commit, td1->tx_packet, td1->tx_packet_len);
data/iwd-1.9/unit/test-wsc.c:800:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m1.public_key, test->public_key, 192);
data/iwd-1.9/unit/test-wsc.c:1158:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m2.public_key, test->public_key, 192);
data/iwd-1.9/unit/test-wsc.c:2255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pin[9];
data/iwd-1.9/unit/test-wsc.c:2293:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->to_sta_data, ef, len);
data/iwd-1.9/unit/test-wsc.c:2483:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid_str[33];
data/iwd-1.9/unit/test-wsc.c:2488:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wsc_data.expected_creds.addr, s.sta_address, 6);
data/iwd-1.9/unit/test-wsc.c:2496:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ssid_str, expected_creds->ssid, expected_creds->ssid_len);
data/iwd-1.9/unit/test-wsc.c:2514:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psk_str[65];
data/iwd-1.9/unit/test-wsc.c:2521:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psk_str, expected_creds->network_key, 64);
data/iwd-1.9/wired/ethdev.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[IFNAMSIZ];
data/iwd-1.9/wired/ethdev.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sll.sll_addr, addr, ETH_ALEN);
data/iwd-1.9/wired/ethdev.c:155:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame + 4, eap_data, len);
data/iwd-1.9/wired/ethdev.c:230:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eapol->addr, addr, ETH_ALEN);
data/iwd-1.9/wired/ethdev.c:357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128], *filename, *devtype = NULL;
data/iwd-1.9/wired/ethdev.c:364:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "re");
data/iwd-1.9/wired/ethdev.c:402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mreq.mr_address, pae_group_addr, ETH_ALEN);
data/iwd-1.9/wired/ethdev.c:546:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->addr, addr, ETH_ALEN);
data/iwd-1.9/wired/ethdev.c:655:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[18];
data/iwd-1.9/wired/ethdev.c:657:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%02x:%02x:%02x:%02x:%02x:%02x",
data/iwd-1.9/client/ad-hoc.c:149:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[0]) > 32) {
data/iwd-1.9/client/ad-hoc.c:154:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[1]) < 8) {
data/iwd-1.9/client/ad-hoc.c:180:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[0]) > 32) {
data/iwd-1.9/client/adapter.c:243:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(adapter->name, text, strlen(text));
data/iwd-1.9/client/adapter.c:346:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/client/agent.c:369:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!prompt || !strlen(prompt)) {
data/iwd-1.9/client/agent.c:403:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!prompt || !strlen(prompt)) {
data/iwd-1.9/client/agent.c:420:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!prompt || !strlen(prompt)) {
data/iwd-1.9/client/ap.c:151:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[0]) > 32) {
data/iwd-1.9/client/ap.c:157:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[1]) < 8) {
data/iwd-1.9/client/command.c:119:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/client/command.c:201:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(token);
data/iwd-1.9/client/command.c:333:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(args);
data/iwd-1.9/client/command.c:360:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/client/dbus-proxy.c:214:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/client/dbus-proxy.c:262:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/client/device.c:260:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(device->name, text, strlen(text));
data/iwd-1.9/client/device.c:428:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/client/display.c:344:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) ((sizeof(dashed_line) - 1) / 2 + strlen(caption) / 2);
data/iwd-1.9/client/display.c:413:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(&line[line_used], "\n");
data/iwd-1.9/client/display.c:427:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(&line[line_used], "\n");
data/iwd-1.9/client/display.c:518:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(prompt))
data/iwd-1.9/client/known-networks.c:400:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(network->name, text, strlen(text));
data/iwd-1.9/client/known-networks.c:423:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/client/station.c:423:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/iwd-1.9/ell/cipher.c:348:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(sk, out, out_len);
data/iwd-1.9/ell/dbus-message.c:1406:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!iter->sig_start || strlen(signature) != iter->sig_len ||
data/iwd-1.9/ell/dbus-message.c:1751:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stack[stack_index].sig_end = signature + strlen(signature);
data/iwd-1.9/ell/dbus-message.c:1921:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stack[stack_index].sig_end = str + strlen(str);
data/iwd-1.9/ell/dbus-service.c:150:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(sig) + 1;
data/iwd-1.9/ell/dbus-service.c:160:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(pname) + 1;
data/iwd-1.9/ell/dbus-service.c:164:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(sig) + 1;
data/iwd-1.9/ell/dbus-service.c:174:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(pname) + 1;
data/iwd-1.9/ell/dbus-service.c:202:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(sig) + 1;
data/iwd-1.9/ell/dbus-service.c:212:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen(pname) + 1;
data/iwd-1.9/ell/dbus-service.c:277:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(signature) + 1; \
data/iwd-1.9/ell/dbus-service.c:287:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(pname) + 1; \
data/iwd-1.9/ell/dbus-service.c:328:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
param_info_len + strlen(name) + 1);
data/iwd-1.9/ell/dbus-service.c:331:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->name_len = strlen(name);
data/iwd-1.9/ell/dbus-service.c:379:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metainfo_len += strlen(name) + 1;
data/iwd-1.9/ell/dbus-service.c:383:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->name_len = strlen(name);
data/iwd-1.9/ell/dbus-service.c:416:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metainfo_len = strlen(name) + 1;
data/iwd-1.9/ell/dbus-service.c:417:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
metainfo_len += strlen(signature) + 1;
data/iwd-1.9/ell/dbus-service.c:421:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info->name_len = strlen(name);
data/iwd-1.9/ell/dbus-service.c:437:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
interface = l_malloc(sizeof(*interface) + strlen(name) + 1);
data/iwd-1.9/ell/dbus-service.c:833:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
signature = property->metainfo + strlen(property->metainfo) + 1;
data/iwd-1.9/ell/dbus-service.c:939:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
signature = property->metainfo + strlen(property->metainfo) + 1;
data/iwd-1.9/ell/dbus-service.c:992:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
signature = property->metainfo + strlen(property->metainfo) + 1;
data/iwd-1.9/ell/dbus-service.c:1543:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(manager->path);
data/iwd-1.9/ell/dbus-service.c:1646:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(manager->path);
data/iwd-1.9/ell/dbus-service.c:1854:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
signature = property->metainfo + strlen(property->metainfo) + 1;
data/iwd-1.9/ell/dbus-util.c:294:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (method[0] == '\0' || strlen(method) > DBUS_MAX_METHOD_LEN)
data/iwd-1.9/ell/dbus-util.c:314:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (interface[0] == '\0' || strlen(interface) > DBUS_MAX_INTERFACE_LEN)
data/iwd-1.9/ell/dbus-util.c:361:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bus_name[0] == '\0' || strlen(bus_name) > DBUS_MAX_INTERFACE_LEN)
data/iwd-1.9/ell/dbus-util.c:449:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sig_len = strlen(sig_start);
data/iwd-1.9/ell/dbus-util.c:980:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(value);
data/iwd-1.9/ell/dbus-util.c:1010:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(signature) + 2 > 255)
data/iwd-1.9/ell/dbus-util.c:1088:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent->sigindex += strlen(container->signature) + 2;
data/iwd-1.9/ell/dbus-util.c:1125:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siglen = strlen(signature);
data/iwd-1.9/ell/dbus-util.c:1177:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(signature) + 1 > 255)
data/iwd-1.9/ell/dbus-util.c:1233:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent->sigindex += strlen(container->signature) + 1;
data/iwd-1.9/ell/dbus.c:405:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(classic->auth_command);
data/iwd-1.9/ell/dbus.c:1050:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(uid); i++)
data/iwd-1.9/ell/dbus.c:1122:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/iwd-1.9/ell/dbus.c:1131:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path + 1, path, sizeof(addr.sun_path) - 2);
data/iwd-1.9/ell/dbus.c:1139:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/iwd-1.9/ell/dhcp-transport.c:114:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buf, sizeof(buf));
data/iwd-1.9/ell/dhcp-transport.c:286:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ifname, strlen(ifname) + 1) < 0)
data/iwd-1.9/ell/dhcp.c:606:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(client->hostname),
data/iwd-1.9/ell/dhcp.c:687:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(client->hostname),
data/iwd-1.9/ell/dir.c:185:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = L_TFR(read(fd, buf, sizeof(buf)));
data/iwd-1.9/ell/file.c:67:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nread = read(fd, contents + bytes_read, 4096);
data/iwd-1.9/ell/genl.c:1321:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(family) >= GENL_NAMSIZ)
data/iwd-1.9/ell/genl.c:1400:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/iwd-1.9/ell/genl.c:1528:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/iwd-1.9/ell/genl.c:1529:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (unlikely(strlen(name) >= GENL_NAMSIZ))
data/iwd-1.9/ell/gvariant-util.c:182:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sig) > 255)
data/iwd-1.9/ell/gvariant-util.c:201:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sig) > 255)
data/iwd-1.9/ell/gvariant-util.c:386:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iter->sig_len = strlen(subsig);
data/iwd-1.9/ell/gvariant-util.c:940:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(signature) + 2 > 255)
data/iwd-1.9/ell/gvariant-util.c:1043:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent->sigindex += strlen(container->signature) + 2;
data/iwd-1.9/ell/gvariant-util.c:1107:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
siglen = strlen(container->signature);
data/iwd-1.9/ell/gvariant-util.c:1142:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(signature) + 1 > 255)
data/iwd-1.9/ell/gvariant-util.c:1203:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parent->sigindex += strlen(container->signature) + 1;
data/iwd-1.9/ell/gvariant-util.c:1250:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(value) + 1;
data/iwd-1.9/ell/gvariant-util.c:1342:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = 3 + strlen(signature) + 8;
data/iwd-1.9/ell/gvariant-util.c:1350:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
variant_buf = mempcpy(variant_buf, signature, strlen(signature));
data/iwd-1.9/ell/gvariant-util.c:1373:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset_start = body_size + 3 + strlen(signature);
data/iwd-1.9/ell/hashmap.c:168:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/iwd-1.9/ell/hwdb.c:214:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scratch_len = strlen(prefix) + strlen(prefix_str);
data/iwd-1.9/ell/hwdb.c:214:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scratch_len = strlen(prefix) + strlen(prefix_str);
data/iwd-1.9/ell/hwdb.c:327:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scratch_len = strlen(prefix) + strlen(prefix_str);
data/iwd-1.9/ell/hwdb.c:327:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scratch_len = strlen(prefix) + strlen(prefix_str);
data/iwd-1.9/ell/log.c:89:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/iwd-1.9/ell/log.c:234:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[4].iov_len = strlen(file);
data/iwd-1.9/ell/log.c:240:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[7].iov_len = strlen(line);
data/iwd-1.9/ell/log.c:246:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[10].iov_len = strlen(func);
data/iwd-1.9/ell/main.c:344:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err = send(notify_fd, state, strlen(state), MSG_NOSIGNAL);
data/iwd-1.9/ell/main.c:384:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, sock, sizeof(addr.sun_path) - 1);
data/iwd-1.9/ell/net.c:143:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(str);
data/iwd-1.9/ell/net.c:144:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffix_len = strlen(suffix);
data/iwd-1.9/ell/path.c:120:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
overhead = strlen(basename) + 1;
data/iwd-1.9/ell/path.c:126:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/iwd-1.9/ell/pem.c:60:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf_len < strlen(PEM_START_BOUNDARY))
data/iwd-1.9/ell/pem.c:64:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(buf, PEM_START_BOUNDARY, strlen(PEM_START_BOUNDARY)))
data/iwd-1.9/ell/pem.c:75:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = buf + strlen(PEM_START_BOUNDARY);
data/iwd-1.9/ell/pem.c:111:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(PEM_END_BOUNDARY) + label_len + 5;
data/iwd-1.9/ell/pem.c:116:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(buf_ptr, PEM_END_BOUNDARY, strlen(PEM_END_BOUNDARY)) ||
data/iwd-1.9/ell/pem.c:117:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcmp(buf_ptr + strlen(PEM_END_BOUNDARY),
data/iwd-1.9/ell/pem.c:155:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = label - strlen("-----BEGIN ");
data/iwd-1.9/ell/pkcs5.c:49:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t t[20 + salt_len + strlen(password)];
data/iwd-1.9/ell/pkcs5.c:77:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(t, password, strlen(password));
data/iwd-1.9/ell/pkcs5.c:78:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(t + strlen(password), salt, salt_len);
data/iwd-1.9/ell/pkcs5.c:79:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t_len = strlen(password) + salt_len;
data/iwd-1.9/ell/pkcs5.c:138:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checksum = l_checksum_new_hmac(type, password, strlen(password));
data/iwd-1.9/ell/settings.c:83:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(pair->value, strlen(pair->value));
data/iwd-1.9/ell/settings.c:137:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = l_new(char, strlen(value) + 1);
data/iwd-1.9/ell/settings.c:507:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (!equal) {
data/iwd-1.9/ell/settings.c:523:9: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
while (equal < data + len && l_ascii_isblank(*equal))
data/iwd-1.9/ell/settings.c:523:48: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
while (equal < data + len && l_ascii_isblank(*equal))
data/iwd-1.9/ell/settings.c:526:31: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return parse_value(settings, equal, len - (equal - data), line);
data/iwd-1.9/ell/settings.c:648:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(ret);
data/iwd-1.9/ell/settings.c:918:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(pair->value, strlen(pair->value));
data/iwd-1.9/ell/settings.c:925:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(value, strlen(value));
data/iwd-1.9/ell/signal.c:97:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/iwd-1.9/ell/string.c:156:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(src);
data/iwd-1.9/ell/strv.c:189:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(str_array[i]);
data/iwd-1.9/ell/timeout.c:76:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(timeout->fd, &expired, sizeof(expired));
data/iwd-1.9/ell/tls.c:94:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t a_len, chunk_len, prfseed_len = strlen(label) + seed_len;
data/iwd-1.9/ell/tls.c:101:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(prfseed, label, strlen(label));
data/iwd-1.9/ell/tls.c:102:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(prfseed + strlen(label), seed, seed_len);
data/iwd-1.9/ell/tls.c:723:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len, *i, strlen(*i)))
data/iwd-1.9/ell/tls.c:794:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tls_domain_match_mask(cn, cn_len, *i, strlen(*i)))
data/iwd-1.9/ell/util.c:263:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = src ? strlen(src) : 0;
data/iwd-1.9/ell/util.c:304:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(str);
data/iwd-1.9/ell/util.c:305:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(prefix);
data/iwd-1.9/ell/util.c:334:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(str);
data/iwd-1.9/ell/util.c:335:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffix_len = strlen(suffix);
data/iwd-1.9/ell/util.c:622:9: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
while (fscanf(fp, "%*s %" L_STRINGIFY(PATH_MAX) "s %99s %*s %*d %*d\n",
data/iwd-1.9/ell/uuid.c:236:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) < 16 * 2 + 4)
data/iwd-1.9/monitor/main.c:104:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, NLA_DATA(nla), GENL_NAMSIZ - 1);
data/iwd-1.9/monitor/main.c:160:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + GENL_HDRLEN + NLA_HDRLEN,
data/iwd-1.9/monitor/main.c:195:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(RTA_DATA(rta), kind, strlen(kind)))
data/iwd-1.9/monitor/main.c:211:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlmon_type_len = strlen(NLMON_TYPE);
data/iwd-1.9/monitor/main.c:219:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ifname_len = strlen(ifname) + 1;
data/iwd-1.9/monitor/main.c:718:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > 3) {
data/iwd-1.9/monitor/nlmon.c:247:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int extra_len = extra ? strlen(extra) : 0;
data/iwd-1.9/monitor/nlmon.c:6478:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, NLA_DATA(nla), GENL_NAMSIZ - 1);
data/iwd-1.9/monitor/nlmon.c:6796:9: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
pos += sprintf(str + pos, "]");
data/iwd-1.9/monitor/nlmon.c:7298:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, name, IFNAMSIZ - 1);
data/iwd-1.9/monitor/pcap.c:80:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(pcap->fd, &hdr, PCAP_HDR_SIZE);
data/iwd-1.9/monitor/pcap.c:204:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(pcap->fd, &pkt, PCAP_PKT_SIZE);
data/iwd-1.9/monitor/pcap.c:215:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(pcap->fd, data, toread);
data/iwd-1.9/src/adhoc.c:245:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(hs, (void *)adhoc->ssid, strlen(adhoc->ssid));
data/iwd-1.9/src/adhoc.c:528:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid), adhoc->pmk))
data/iwd-1.9/src/ap.c:117:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(config->psk, strlen(config->psk));
data/iwd-1.9/src/ap.c:365:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ap->config->ssid));
data/iwd-1.9/src/ap.c:591:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ap->config->ssid));
data/iwd-1.9/src/ap.c:1274:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssid_len != strlen(ap->config->ssid) ||
data/iwd-1.9/src/ap.c:1682:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (ssid && ssid_len == strlen(ap->config->ssid) && /* One SSID */
data/iwd-1.9/src/ap.c:1695:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ssid_len == strlen(ap->config->ssid) &&
data/iwd-1.9/src/ap.c:1961:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tail_len + strlen(ap->config->ssid));
data/iwd-1.9/src/ap.c:1975:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_genl_msg_append_attr(cmd, NL80211_ATTR_SSID, strlen(ap->config->ssid),
data/iwd-1.9/src/ap.c:2095:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(config->ssid), ap->pmk) < 0)
data/iwd-1.9/src/backtrace.c:60:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathlen = strlen(program_path);
data/iwd-1.9/src/backtrace.c:117:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(infd[0], buf, sizeof(buf) - 1);
data/iwd-1.9/src/crypto.c:516:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passphrase_len = strlen(passphrase);
data/iwd-1.9/src/crypto.c:912:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return kdf_sha384(pmk, pmk_len, label, strlen(label),
data/iwd-1.9/src/crypto.c:915:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return kdf_sha256(pmk, pmk_len, label, strlen(label),
data/iwd-1.9/src/crypto.c:918:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return prf_sha1(pmk, pmk_len, label, strlen(label),
data/iwd-1.9/src/eap-aka.c:151:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[0].iov_len = strlen(identity);
data/iwd-1.9/src/eap-aka.c:223:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *)aka->kdf_in, strlen(aka->kdf_in),
data/iwd-1.9/src/eap-aka.c:567:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t response[8 + strlen(aka->identity) + 4];
data/iwd-1.9/src/eap-aka.c:584:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(aka->identity));
data/iwd-1.9/src/eap-gtc.c:48:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(gtc->password, strlen(gtc->password));
data/iwd-1.9/src/eap-gtc.c:58:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t secret_len = strlen(gtc->password);
data/iwd-1.9/src/eap-gtc.c:113:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-gtc.c:128:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-gtc.c:156:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(password) > EAP_GTC_MAX_PASSWORD_LEN) {
data/iwd-1.9/src/eap-md5.c:46:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(md5->secret, strlen(md5->secret));
data/iwd-1.9/src/eap-md5.c:75:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_checksum_update(hash, md5->secret, strlen(md5->secret));
data/iwd-1.9/src/eap-md5.c:132:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-md5.c:147:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-mschapv2.c:449:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(secret->value) + 1);
data/iwd-1.9/src/eap-mschapv2.c:508:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-mschapv2.c:527:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->user_len = strlen(state->user);
data/iwd-1.9/src/eap-mschapv2.c:535:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-peap.c:151:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!prf_plus_sha1(imck, 40, label, strlen(label), "\00", 1,
data/iwd-1.9/src/eap-peap.c:164:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!prf_plus_sha1(peap_state->key, 40, label, strlen(label),
data/iwd-1.9/src/eap-pwd.c:176:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(pwd->password, strlen(pwd->password));
data/iwd-1.9/src/eap-pwd.c:241:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uint8_t resp[15 + strlen(pwd->identity)];
data/iwd-1.9/src/eap-pwd.c:310:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd->identity, strlen(pwd->identity), pkt + 9,
data/iwd-1.9/src/eap-pwd.c:311:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - 9, pwd->password, strlen(pwd->password),
data/iwd-1.9/src/eap-pwd.c:319:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("EAP-pwd Hunting And Pecking"),
data/iwd-1.9/src/eap-pwd.c:353:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(pos, pwd->identity, strlen(pwd->identity));
data/iwd-1.9/src/eap-pwd.c:354:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(pwd->identity);
data/iwd-1.9/src/eap-pwd.c:763:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-pwd.c:805:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(pwd->password, strlen(pwd->password));
data/iwd-1.9/src/eap-sim.c:173:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[0].iov_len = strlen(identity);
data/iwd-1.9/src/eap-sim.c:272:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resp_len += EAP_SIM_ROUND(strlen(sim->identity) + 4);
data/iwd-1.9/src/eap-sim.c:291:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sim->identity));
data/iwd-1.9/src/eap-tls-common.c:843:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) < 6)
data/iwd-1.9/src/eap-tls-common.c:864:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return l_pem_load_certificate_list_from_data(pem, strlen(pem));
data/iwd-1.9/src/eap-tls-common.c:879:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return l_pem_load_certificate_chain_from_data(pem, strlen(pem));
data/iwd-1.9/src/eap-tls-common.c:895:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return l_pem_load_private_key_from_data(pem, strlen(pem),
data/iwd-1.9/src/eap-tls-common.c:1111:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(passphrase, strlen(passphrase));
data/iwd-1.9/src/eap-ttls.c:177:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(user_name);
data/iwd-1.9/src/eap-ttls.c:191:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(user_password);
data/iwd-1.9/src/eap-ttls.c:435:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(credentials->password));
data/iwd-1.9/src/eap-ttls.c:509:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(credentials->password));
data/iwd-1.9/src/eap-ttls.c:1032:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(password, strlen(password));
data/iwd-1.9/src/eap-wsc.c:299:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(wsc->device_password));
data/iwd-1.9/src/eap-wsc.c:800:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wsc->device_password);
data/iwd-1.9/src/eap-wsc.c:1206:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wsc->device_password);
data/iwd-1.9/src/eap-wsc.c:1776:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tocopy = strlen(v);
data/iwd-1.9/src/eap-wsc.c:1803:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(manufacturer, " ");
data/iwd-1.9/src/eap-wsc.c:1807:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(model_name, " ");
data/iwd-1.9/src/eap-wsc.c:1811:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(model_number, " ");
data/iwd-1.9/src/eap-wsc.c:1815:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(serial_number, " ");
data/iwd-1.9/src/eap-wsc.c:1827:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(device_name, " ");
data/iwd-1.9/src/eap-wsc.c:2065:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 32)
data/iwd-1.9/src/eap-wsc.c:2075:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsc->wpa2_cred.ssid_len = strlen(str);
data/iwd-1.9/src/eap-wsc.c:2081:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/iwd-1.9/src/eap-wsc.c:2110:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 32)
data/iwd-1.9/src/eap-wsc.c:2118:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsc->open_cred.ssid_len = strlen(str);
data/iwd-1.9/src/eap.c:232:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = identity ? strlen(identity) : 0;
data/iwd-1.9/src/eap.c:627:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t value_len = strlen(info->value) + 1;
data/iwd-1.9/src/eap.c:630:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len += strlen(info->value + value_len);
data/iwd-1.9/src/eap.c:637:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(info->parameter, strlen(info->parameter));
data/iwd-1.9/src/eap.c:785:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t id_len = strlen(eap->identity);
data/iwd-1.9/src/erp.c:497:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(nai, erp->keyname_nai, strlen(erp->keyname_nai))) {
data/iwd-1.9/src/erp.c:506:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += strlen(ERP_RMSK_LABEL);
data/iwd-1.9/src/fils.c:209:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("FILS PTK Derivation"), data,
data/iwd-1.9/src/fils.c:214:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("FILS PTK Derivation"), data,
data/iwd-1.9/src/handshake.c:85:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(s->passphrase, strlen(s->passphrase));
data/iwd-1.9/src/hotspot.c:152:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_checksum_update(sha, *realms, strlen(*realms));
data/iwd-1.9/src/knownnetworks.c:262:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_uuid_v5(nsid, to_hash, strlen(to_hash), info->uuid);
data/iwd-1.9/src/manager.c:241:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ifname) + 1, ifname);
data/iwd-1.9/src/manager.c:294:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ifname) + 1, ifname);
data/iwd-1.9/src/mschaputil.c:94:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t bsize = strlen(password);
data/iwd-1.9/src/mschaputil.c:168:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_checksum_update(check, username, strlen(username));
data/iwd-1.9/src/netdev.c:2907:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_genl_msg_append_attr(cmd, NL80211_ATTR_SSID, strlen(ssid), ssid);
data/iwd-1.9/src/network.c:106:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(network->passphrase));
data/iwd-1.9/src/network.c:265:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(network->ssid),
data/iwd-1.9/src/network.c:356:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setting = alloca(strlen(secret->id) + 10);
data/iwd-1.9/src/network.c:363:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(secret->value)))
data/iwd-1.9/src/network.c:411:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid), network->psk);
data/iwd-1.9/src/network.c:793:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *) ssid, strlen(ssid),
data/iwd-1.9/src/network.c:905:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) < IWD_MAX_PASSWORD_LEN)
data/iwd-1.9/src/network.c:926:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = strlen(user) + 1;
data/iwd-1.9/src/network.c:927:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = strlen(passwd) + 1;
data/iwd-1.9/src/owe.c:197:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("OWE Key Generation"), pmk, nbytes))
data/iwd-1.9/src/p2p.c:420:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(dev->conn_pin, strlen(dev->conn_pin));
data/iwd-1.9/src/p2p.c:926:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(creds[0].ssid) != bss->ssid_len ||
data/iwd-1.9/src/p2p.c:1096:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ifname) + 1, ifname);
data/iwd-1.9/src/p2p.c:2370:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(pin) == 4 || wsc_pin_is_checksum_valid(pin) ?
data/iwd-1.9/src/p2p.c:2823:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(peer->name) || !l_utf8_validate(
data/iwd-1.9/src/p2p.c:2824:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
peer->name, strlen(peer->name), NULL)) {
data/iwd-1.9/src/p2p.c:3806:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(new_name) > sizeof(dev->device_info.device_name) - 1)
data/iwd-1.9/src/p2putil.c:1901:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2p_attr_builder_put_be16(builder, strlen(attr->device_name));
data/iwd-1.9/src/p2putil.c:1903:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(attr->device_name));
data/iwd-1.9/src/p2putil.c:1935:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2p_attr_builder_put_be16(builder, strlen(desc->device_name));
data/iwd-1.9/src/p2putil.c:1937:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(desc->device_name));
data/iwd-1.9/src/p2putil.c:1951:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2p_attr_builder_put_bytes(builder, attr->ssid, strlen(attr->ssid));
data/iwd-1.9/src/p2putil.c:2034:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p2p_attr_builder_put_u8(builder, strlen(desc->service_name));
data/iwd-1.9/src/p2putil.c:2036:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(desc->service_name));
data/iwd-1.9/src/rfkill.c:94:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = L_TFR(read(fd, buf, sizeof(buf) - 1));
data/iwd-1.9/src/rfkill.c:129:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = L_TFR(read(fd, &e, sizeof(e)));
data/iwd-1.9/src/sae.c:118:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("SAE Hunting and Pecking"), prime, len,
data/iwd-1.9/src/sae.c:296:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_len = strlen(password);
data/iwd-1.9/src/sae.c:576:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kdf_sha256(keyseed, 32, "SAE KCK and PMK", strlen("SAE KCK and PMK"),
data/iwd-1.9/src/scan.c:445:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(network->ssid), network->ssid);
data/iwd-1.9/src/scan.c:493:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(params->ssid), params->ssid);
data/iwd-1.9/src/simutil.c:223:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[1].iov_len = strlen("EAP-AKA'");
data/iwd-1.9/src/simutil.c:225:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iov[2].iov_len = strlen(identity);
data/iwd-1.9/src/station.c:911:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/src/station.c:2566:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssid_len = strlen(ssid);
data/iwd-1.9/src/station.c:2634:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ssid) > 32)
data/iwd-1.9/src/storage.c:68:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir = l_malloc(strlen(filename) + 1);
data/iwd-1.9/src/storage.c:69:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dir, "/");
data/iwd-1.9/src/storage.c:76:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(dir, prev + 1, next - prev);
data/iwd-1.9/src/storage.c:106:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = L_TFR(read(fd, buffer, len));
data/iwd-1.9/src/storage.c:281:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid));
data/iwd-1.9/src/util.c:123:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) != 17)
data/iwd-1.9/src/wiphy.c:541:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_checksum_update(sha, ssid, strlen(ssid));
data/iwd-1.9/src/wiphy.c:1399:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (l_utf8_validate(wiphy->name, strlen(wiphy->name), NULL)) {
data/iwd-1.9/src/wsc.c:213:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wsce->creds[wsce->n_creds].passphrase,
data/iwd-1.9/src/wsc.c:351:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pin) == 4 || wsc_pin_is_checksum_valid(pin))
data/iwd-1.9/src/wsc.c:545:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
explicit_bzero(hex, strlen(hex));
data/iwd-1.9/src/wsc.c:1038:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pin) == 4 || wsc_pin_is_checksum_valid(pin))
data/iwd-1.9/src/wscutil.c:1716:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = string ? strlen(string) : 0;
data/iwd-1.9/src/wscutil.c:2758:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.iov_len = strlen(personalization) },
data/iwd-1.9/tools/hwsim.c:320:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(hwname, data, len);
data/iwd-1.9/tools/hwsim.c:575:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->name) != name_len ||
data/iwd-1.9/tools/hwsim.c:743:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->name) == name_len && !memcmp(rec->name, name, name_len))
data/iwd-1.9/tools/hwsim.c:819:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->name) != ifname_len ||
data/iwd-1.9/tools/hwsim.c:1610:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_msg = l_genl_msg_new_sized(HWSIM_CMD_NEW_RADIO, 16 + strlen(name));
data/iwd-1.9/tools/hwsim.c:1616:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(name) + 1, name);
data/iwd-1.9/tools/hwsim.c:2425:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_size += strlen(radio_name_attr) + 8;
data/iwd-1.9/tools/hwsim.c:2437:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(radio_name_attr) + 1,
data/iwd-1.9/tools/test-runner.c:386:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cwd, "/");
data/iwd-1.9/tools/test-runner.c:637:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/iwd-1.9/tools/test-runner.c:655:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(wait_time);
data/iwd-1.9/tools/test-runner.c:1014:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ifnames_size += 1 + strlen(wiphys[i]->interface_name);
data/iwd-1.9/tools/test-runner.c:1037:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ifnames_size += strlen(wiphys[i]->interface_name);
data/iwd-1.9/tools/test-runner.c:1103:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp(dir, TEST_DIR_PREFIX, strlen(TEST_DIR_PREFIX)) == 0;
data/iwd-1.9/tools/test-runner.c:1587:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iwd_phys[strlen(iwd_phys) - 1] = '\0';
data/iwd-1.9/tools/test-runner.c:2004:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += 32 + strlen(wiphy->name);
data/iwd-1.9/tools/test-runner.c:2006:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += 32 + strlen(wiphy->interface_name) +
data/iwd-1.9/tools/test-runner.c:2007:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(wiphy->hostapd_ctrl_interface) +
data/iwd-1.9/tools/test-runner.c:2008:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(wiphy->hostapd_config);
data/iwd-1.9/tools/test-runner.c:2705:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(wiphy->name, name, name_len);
data/iwd-1.9/tools/test-runner.c:3061:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(top_level_path, exec_home + 5, i - 5);
data/iwd-1.9/unit/test-client.c:63:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rl_point = strlen(validation_list[i].command_line);
data/iwd-1.9/unit/test-eap-sim.c:85:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *)test, strlen(test));
data/iwd-1.9/unit/test-eap-sim.c:103:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *)test, strlen(test));
data/iwd-1.9/unit/test-eap-sim.c:116:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(!memcmp(buf + 4, test, strlen(test)));
data/iwd-1.9/unit/test-eap-sim.c:122:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *)test, strlen(test));
data/iwd-1.9/unit/test-eap-sim.c:135:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(!memcmp(buf + 4, test, strlen(test)));
data/iwd-1.9/unit/test-eap-sim.c:141:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t *)test, strlen(test));
data/iwd-1.9/unit/test-eap-sim.c:154:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(!memcmp(buf + 4, test, strlen(test)));
data/iwd-1.9/unit/test-eap-sim.c:341:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(const uint8_t *)vals->network, strlen(vals->network),
data/iwd-1.9/unit/test-eapol.c:1781:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid), psk));
data/iwd-1.9/unit/test-eapol.c:1866:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid), psk));
data/iwd-1.9/unit/test-eapol.c:1995:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid), psk));
data/iwd-1.9/unit/test-eapol.c:2550:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid), psk);
data/iwd-1.9/unit/test-eapol.c:3159:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
data/iwd-1.9/unit/test-eapol.c:3203:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
data/iwd-1.9/unit/test-eapol.c:3227:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
data/iwd-1.9/unit/test-eapol.c:3312:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l_settings_load_from_data(config, config_8021x, strlen(config_8021x));
data/iwd-1.9/unit/test-eapol.c:3403:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(eapol_8021x_config));
data/iwd-1.9/unit/test-eapol.c:3490:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/unit/test-eapol.c:3496:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_kh_ids(hs, r0khid, strlen((void *) r0khid), r1khid);
data/iwd-1.9/unit/test-eapol.c:3683:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(s.ap_hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/unit/test-eapol.c:3692:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(s.sta_hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/unit/test-eapol.c:3744:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(s.ap_hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/unit/test-eapol.c:3753:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(s.sta_hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/unit/test-hmac-md5.c:51:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_len = strlen(test->hmac) / 2;
data/iwd-1.9/unit/test-hmac-sha1.c:51:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_len = strlen(test->hmac) / 2;
data/iwd-1.9/unit/test-hmac-sha256.c:51:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmac_len = strlen(test->hmac) / 2;
data/iwd-1.9/unit/test-kdf-sha256.c:53:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kdf_len = strlen(test->kdf) / 2;
data/iwd-1.9/unit/test-prf-sha1.c:53:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prf_len = strlen(test->prf) / 2;
data/iwd-1.9/unit/test-util.c:73:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssid[i].string)) == ssid[i].result);
data/iwd-1.9/unit/test-wsc.c:2500:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ap_8021x_str));
data/iwd-1.9/unit/test-wsc.c:2540:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(s.ap_hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/unit/test-wsc.c:2549:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handshake_state_set_ssid(s.sta_hs, (void *) ssid, strlen(ssid));
data/iwd-1.9/unit/test-wsc.c:2551:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(sta_8021x_str));
data/iwd-1.9/wired/network.c:53:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return l_strndup(filename, strlen(filename) - STORAGEFILE_SUFFIX_LEN);
ANALYSIS SUMMARY:
Hits = 1485
Lines analyzed = 153498 in approximately 3.47 seconds (44294 lines/second)
Physical Source Lines of Code (SLOC) = 105941
Hits@level = [0] 338 [1] 348 [2] 1003 [3] 38 [4] 90 [5] 6
Hits@level+ = [0+] 1823 [1+] 1485 [2+] 1137 [3+] 134 [4+] 96 [5+] 6
Hits/KSLOC@level+ = [0+] 17.2077 [1+] 14.0172 [2+] 10.7324 [3+] 1.26485 [4+] 0.906165 [5+] 0.0566353
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.