Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libfreefare-0.4.0/contrib/libutil/hexdump.c
Examining data/libfreefare-0.4.0/contrib/libutil/libutil.h
Examining data/libfreefare-0.4.0/contrib/win32/err.h
Examining data/libfreefare-0.4.0/examples/mifare-classic-format.c
Examining data/libfreefare-0.4.0/examples/mifare-classic-read-ndef.c
Examining data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-access.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-create-ndef.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-ats.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-default-key.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-random-uid.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-format.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-info.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-read-ndef.c
Examining data/libfreefare-0.4.0/examples/mifare-desfire-write-ndef.c
Examining data/libfreefare-0.4.0/examples/mifare-ultralight-info.c
Examining data/libfreefare-0.4.0/libfreefare/freefare.c
Examining data/libfreefare-0.4.0/libfreefare/freefare.h
Examining data/libfreefare-0.4.0/libfreefare/freefare_internal.h
Examining data/libfreefare-0.4.0/libfreefare/mad.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_application.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_classic.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_desfire.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_desfire_aid.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_desfire_error.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c
Examining data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c
Examining data/libfreefare-0.4.0/libfreefare/tlv.c
Examining data/libfreefare-0.4.0/test/common/mifare_desfire_auto_authenticate.c
Examining data/libfreefare-0.4.0/test/common/mifare_desfire_auto_authenticate.h
Examining data/libfreefare-0.4.0/test/mifare_classic_fixture.c
Examining data/libfreefare-0.4.0/test/mifare_classic_fixture.h
Examining data/libfreefare-0.4.0/test/mifare_desfire_ev1_fixture.c
Examining data/libfreefare-0.4.0/test/mifare_desfire_ev1_fixture.h
Examining data/libfreefare-0.4.0/test/mifare_desfire_fixture.c
Examining data/libfreefare-0.4.0/test/mifare_desfire_fixture.h
Examining data/libfreefare-0.4.0/test/mifare_ultralight_fixture.c
Examining data/libfreefare-0.4.0/test/mifare_ultralight_fixture.h
Examining data/libfreefare-0.4.0/test/test_mad.c
Examining data/libfreefare-0.4.0/test/test_mifare_application.c
Examining data/libfreefare-0.4.0/test/test_mifare_classic.c
Examining data/libfreefare-0.4.0/test/test_mifare_classic_create_trailer_block.c
Examining data/libfreefare-0.4.0/test/test_mifare_classic_mad.c
Examining data/libfreefare-0.4.0/test/test_mifare_classic_sector_boundaries.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_aes.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_aid.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_des.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_ev1.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_iso.c
Examining data/libfreefare-0.4.0/test/test_mifare_desfire_key.c
Examining data/libfreefare-0.4.0/test/test_mifare_ultralight.c
Examining data/libfreefare-0.4.0/test/test_tlv.c

FINAL RESULTS:

data/libfreefare-0.4.0/contrib/win32/err.h:26:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf (stderr, __VA_ARGS__); \
data/libfreefare-0.4.0/contrib/win32/err.h:31:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf (stderr, __VA_ARGS__); \
data/libfreefare-0.4.0/examples/mifare-classic-format.c:78:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (START_FORMAT_N, 16);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:83:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (DONE_FORMAT);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:90:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (START_FORMAT_N, 32 + 8);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:95:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (DONE_FORMAT);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:245:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (START_FORMAT_N, (tt == CLASSIC_1K) ? 1 : 2);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:253:7: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    printf (DONE_FORMAT);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:148:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "fhy")) != -1) {
data/libfreefare-0.4.0/examples/mifare-classic-read-ndef.c:75:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyo:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:145:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyi:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-desfire-create-ndef.c:68:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyK:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-ats.c:61:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyK:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-default-key.c:59:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hy")) != -1) {
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-random-uid.c:57:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyK:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-desfire-format.c:57:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyK:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-desfire-read-ndef.c:74:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyo:k:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-desfire-write-ndef.c:82:18: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    while ((ch = getopt (argc, argv, "hyi:k:")) != -1) {
data/libfreefare-0.4.0/examples/mifare-classic-format.c:167:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(default_keys, default_keys_int, sizeof(default_keys_int));
data/libfreefare-0.4.0/examples/mifare-classic-format.c:172:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char kbuffer[1024] = {0};
data/libfreefare-0.4.0/examples/mifare-classic-format.c:174:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *fp = fopen(argv[optind], "rb");
data/libfreefare-0.4.0/examples/mifare-classic-format.c:186:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((default_keys + i++), kbuffer + pos_a, 6);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:187:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((default_keys + i++), kbuffer + pos_b, 6);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:228:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-classic-read-ndef.c:108:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    ndef_stream = fopen(ndef_output, "wb");
data/libfreefare-0.4.0/examples/mifare-classic-read-ndef.c:151:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:86:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (key, &default_keys[i], sizeof (MifareClassicKey));
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:97:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (key, &default_keys[i], sizeof (MifareClassicKey));
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:177:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    ndef_stream = fopen(ndef_input, "rb");
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:241:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:255:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(card_write_keys[n].key, transport_key, sizeof (transport_key));
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:287:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&(card_write_keys[0x10].key), &default_keyb, sizeof (MifareClassicKey));
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:297:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&(card_write_keys[0x00].key), &default_keyb, sizeof (MifareClassicKey));
data/libfreefare-0.4.0/examples/mifare-desfire-access.c:110:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[20];
data/libfreefare-0.4.0/examples/mifare-desfire-create-ndef.c:128:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-ats.c:120:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-default-key.c:106:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-random-uid.c:116:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-desfire-format.c:116:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-desfire-read-ndef.c:117:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    ndef_stream = fopen(ndef_output, "wb");
data/libfreefare-0.4.0/examples/mifare-desfire-read-ndef.c:156:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/examples/mifare-desfire-write-ndef.c:120:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ndef_msg + 2, ndef_default_msg, ndef_msg_len - 2);
data/libfreefare-0.4.0/examples/mifare-desfire-write-ndef.c:129:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    ndef_stream = fopen(ndef_input, "rb");
data/libfreefare-0.4.0/examples/mifare-desfire-write-ndef.c:185:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[BUFSIZ];
data/libfreefare-0.4.0/libfreefare/freefare.c:270:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res, p, n);
data/libfreefare-0.4.0/libfreefare/freefare.h:53:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    typedef unsigned char MifareUltralightPage[4];
data/libfreefare-0.4.0/libfreefare/freefare.h:76:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    typedef unsigned char MifareClassicBlock[16];
data/libfreefare-0.4.0/libfreefare/freefare.h:82:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    typedef unsigned char MifareClassicKey[6];
data/libfreefare-0.4.0/libfreefare/freefare_internal.h:372:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buffer + __##buffer##_n, &data, data_size); \
data/libfreefare-0.4.0/libfreefare/mad.c:222:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, data, sizeof (data));
data/libfreefare-0.4.0/libfreefare/mad.c:228:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, data, sizeof (data));
data/libfreefare-0.4.0/libfreefare/mad.c:247:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, data, sizeof (data));
data/libfreefare-0.4.0/libfreefare/mad.c:253:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, data, sizeof (data));
data/libfreefare-0.4.0/libfreefare/mad.c:259:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (p, data, sizeof (data));
data/libfreefare-0.4.0/libfreefare/mifare_application.c:239:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy ((uint8_t *)buf + res, &block, n);
data/libfreefare-0.4.0/libfreefare/mifare_application.c:287:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&block, (uint8_t *)buf + res, n);
data/libfreefare-0.4.0/libfreefare/mifare_classic.c:110:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char data[16];
data/libfreefare-0.4.0/libfreefare/mifare_classic.c:769:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (b->trailer.key_a, key_a, sizeof (MifareClassicKey));
data/libfreefare-0.4.0/libfreefare/mifare_classic.c:779:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&(b->trailer.access_bits), &ab, 3);
data/libfreefare-0.4.0/libfreefare/mifare_classic.c:782:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (b->trailer.key_b, key_b, sizeof (MifareClassicKey));
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:179:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (__msg + 5, msg + 1, msg_len - 1); \
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:197:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res, __res, __##res##_n - 1); \
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:361:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (PICC_E_RndB, res, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:364:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (PICC_RndB, PICC_E_RndB, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:371:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (PCD_r_RndB, PICC_RndB, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:375:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (token, PCD_RndA, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:376:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (token+key_length, PCD_r_RndB, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:388:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (PICC_E_RndA_s, res, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:391:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (PICC_RndA_s, PICC_E_RndA_s, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:395:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (PCD_RndA_s, PCD_RndA, key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:553:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (cmd + __cmd_n, new_key->data, new_key_length);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:779:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buffer, res, __res_n);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:786:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy ((uint8_t *)buffer + offset, res, __res_n);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:840:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (new_dfs[*count].df_name, res + 5, __res_n - 6);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:947:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[28 + CMAC_LENGTH + 1];
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:953:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&(version_info->hardware), res, 7);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:954:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buffer, res, 7);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:958:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&(version_info->software), res, 7);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:959:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buffer + 7, res, 7);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:962:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&(version_info->uid), res, 14);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:963:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buffer + 14, res, __res_n);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:1132:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf (*uid, "%02x%02x%02x%02x%02x%02x%02x",
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:1171:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (*files, res, *count);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:1198:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (data + offset, res, __res_n - 1);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:1250:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (&raw_settings, p, sn - 1);
data/libfreefare-0.4.0/libfreefare/mifare_desfire.c:1549:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy ((uint8_t *)data + bytes_received, res, frame_bytes);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_aid.c:69:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(res->data, ((uint8_t*)&aid_le), 3);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:121:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (key->cmac_sk1, l, kbs);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:128:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (key->cmac_sk2, key->cmac_sk1, kbs);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:144:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (buffer, data, len);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:158:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (cmac, ivect, kbs);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:340:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res, data, *nbytes);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:346:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (mac, res + edl - 8, 4);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:349:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res, data, *nbytes);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:358:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res + *nbytes, mac, 4);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:372:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res, data, *nbytes);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:373:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res + *nbytes, MIFARE_DESFIRE (tag)->cmac, CMAC_LENGTH);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:403:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (res, data, *nbytes);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:470:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy (edata, data, *nbytes - 1);
data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:567:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy (res, data, *nbytes); data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:660:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ovect, data, block_size); data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:718:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, edata, block_size); data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:721:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ivect, data, block_size); data/libfreefare-0.4.0/libfreefare/mifare_desfire_crypto.c:724:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ivect, ovect, block_size); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:44:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, value, 8); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:57:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key->data, value, 8); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:58:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key->data+8, value, 8); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:68:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (data, value, 16); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:83:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key->data, value, 16); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:93:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, value, 24); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:106:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key->data, value, 24); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:124:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key->data, value, 16); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:169:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, rnda, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:170:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+4, rndb, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:174:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, rnda, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:175:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (buffer+4, rndb, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:176:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+8, rnda+4, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:177:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+12, rndb+4, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:181:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, rnda, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:182:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+4, rndb, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:183:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+8, rnda+6, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:184:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+12, rndb+6, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:185:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+16, rnda+12, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:186:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (buffer+20, rndb+12, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:190:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, rnda, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:191:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+4, rndb, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:192:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+8, rnda+12, 4); data/libfreefare-0.4.0/libfreefare/mifare_desfire_key.c:193:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer+12, rndb+12, 4); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:205:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (MIFARE_ULTRALIGHT(tag)->cache[i % iPageCount], MIFARE_ULTRALIGHT(tag)->cache[i], sizeof (MifareUltralightPage)); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:214:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, MIFARE_ULTRALIGHT(tag)->cache[page], sizeof (*data)); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:260:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (PICC_E_RndB, res+1, 8); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:263:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (PICC_RndB, PICC_E_RndB, 8); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:272:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (PCD_r_RndB, PICC_RndB, 8); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:276:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (token, PCD_RndA, 8); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:277:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (token+8, PCD_r_RndB, 8); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:293:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (PICC_E_RndA_s, res+1, 8); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:296:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (PICC_RndA_s, PICC_E_RndA_s, 8); data/libfreefare-0.4.0/libfreefare/mifare_ultralight.c:300:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (PCD_RndA_s, PCD_RndA, 8); data/libfreefare-0.4.0/libfreefare/tlv.c:90:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (res + n, &size_be, sizeof (uint16_t)); data/libfreefare-0.4.0/libfreefare/tlv.c:96:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res + n, istream, isize); data/libfreefare-0.4.0/libfreefare/tlv.c:127:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (res, istream + 1 + fls, fvs); data/libfreefare-0.4.0/libfreefare/tlv.c:151:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&be_size, stream + 2, sizeof (uint16_t)); data/libfreefare-0.4.0/libfreefare/tlv.c:215:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (a + a_size - 1, b, b_size); data/libfreefare-0.4.0/test/test_mifare_classic_mad.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_buf[500]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[3]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:177:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (data_buffer, "%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire.c:199:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref_buffer[64]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:202:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer + 3 * n, "%02d", n); data/libfreefare-0.4.0/test/test_mifare_desfire.c:220:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer, "r.%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire.c:241:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer, "r.%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire.c:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:456:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char data_buffer2[100]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer3[100]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:464:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer2, "Transaction #%d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire.c:469:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2)); data/libfreefare-0.4.0/test/test_mifare_desfire.c:477:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer3, "Test invalid write"); data/libfreefare-0.4.0/test/test_mifare_desfire.c:560:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer, "0123456789012345678901234"); data/libfreefare-0.4.0/test/test_mifare_desfire.c:561:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer2, "Transaction #%d", transaction - nr + 1); data/libfreefare-0.4.0/test/test_mifare_desfire.c:562:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2)); data/libfreefare-0.4.0/test/test_mifare_desfire.c:661:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:662:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:687:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer + 5, " Transaction #%d ", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire.c:727:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref_data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:736:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (ref_data_buffer + 5, " Transaction #%d ", t); data/libfreefare-0.4.0/test/test_mifare_desfire.c:916:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[50]; data/libfreefare-0.4.0/test/test_mifare_desfire.c:975:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[3]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:174:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer, "%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref_buffer[64]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:199:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer + 3 * n, "%02d", n); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:217:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer, "r.%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:238:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer, "r.%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer2[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:446:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer3[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:453:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer2, "Transaction #%d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:458:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2)); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:466:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer3, "Test invalid write"); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:554:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer, "0123456789012345678901234"); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:555:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer2, "Transaction #%d", transaction - nr + 1); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:556:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2)); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:655:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:656:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:681:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer + 5, " Transaction #%d ", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:721:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref_data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:730:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf (ref_data_buffer + 5, " Transaction #%d ", t); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[3]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:174:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer, "%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref_buffer[64]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:199:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer + 3 * n, "%02d", n); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:217:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_buffer, "r.%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:238:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (ref_buffer, "r.%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer2[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:446:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer3[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:453:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer2, "Transaction #%d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:458:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2)); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:466:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (data_buffer3, "Test invalid write"); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:554:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer, "0123456789012345678901234"); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:555:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer2, "Transaction #%d", transaction - nr + 1); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:556:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2)); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:655:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:656:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:681:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (data_buffer + 5, " Transaction #%d ", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:721:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ref_data_buffer[100]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:730:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (ref_data_buffer + 5, " Transaction #%d ", t); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_buffer[3]; data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:172:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (data_buffer, "%02d", transaction); data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:194:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ref_buffer[64];
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:197:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ref_buffer + 3 * n, "%02d", n);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:215:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ref_buffer, "r.%02d", transaction);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:236:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (ref_buffer, "r.%02d", transaction);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:442:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data_buffer[100];
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:443:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data_buffer2[100];
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:444:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data_buffer3[100];
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:451:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (data_buffer2, "Transaction #%d", transaction);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:456:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:464:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (data_buffer3, "Test invalid write");
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:552:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (data_buffer, "0123456789012345678901234");
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:553:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (data_buffer2, "Transaction #%d", transaction - nr + 1);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:554:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:653:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data_buffer[100];
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:654:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char read_buffer[100+20]; // XXX
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:679:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (data_buffer + 5, " Transaction #%d ", transaction);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:719:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data_buffer[100];
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:720:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ref_data_buffer[100];
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:728:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf (ref_data_buffer + 5, " Transaction #%d ", t);
data/libfreefare-0.4.0/examples/mifare-classic-format.c:177:27: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (i = 0; (rc = getc(fp)) != EOF && i < 1024; kbuffer[i++] = rc) { }
data/libfreefare-0.4.0/examples/mifare-classic-read-ndef.c:103:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (ndef_output) == 1) && (ndef_output[0] == '-')) {
data/libfreefare-0.4.0/examples/mifare-classic-write-ndef.c:171:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (ndef_input) == 1) && (ndef_input[0] == '-')) {
data/libfreefare-0.4.0/examples/mifare-desfire-access.c:106:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data (tags[i], 1, 0, strlen (s), s);
data/libfreefare-0.4.0/examples/mifare-desfire-create-ndef.c:78:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) != 16) {
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-ats.c:71:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) != 16) {
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-random-uid.c:67:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) != 16) {
data/libfreefare-0.4.0/examples/mifare-desfire-ev1-configure-random-uid.c:143:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t tag_uid_len = strlen (tag_uid) / 2;
data/libfreefare-0.4.0/examples/mifare-desfire-format.c:67:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) != 16) {
data/libfreefare-0.4.0/examples/mifare-desfire-info.c:137:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printf ("Use random UID: %s\n", (strlen (tag_uid) / 2 == 4) ? "yes" : "no");
data/libfreefare-0.4.0/examples/mifare-desfire-read-ndef.c:87:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) != 16) {
data/libfreefare-0.4.0/examples/mifare-desfire-read-ndef.c:112:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (ndef_output) == 1) && (ndef_output[0] == '-')) {
data/libfreefare-0.4.0/examples/mifare-desfire-write-ndef.c:95:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(optarg) != 16) {
data/libfreefare-0.4.0/examples/mifare-desfire-write-ndef.c:123:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen (ndef_input) == 1) && (ndef_input[0] == '-')) {
data/libfreefare-0.4.0/libfreefare/freefare.h:201:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  #define MDAR(read,write,read_write,change_access_rights) ( \
data/libfreefare-0.4.0/libfreefare/freefare.h:202:3: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (read << 12) | \
data/libfreefare-0.4.0/test/test_mifare_classic.c:364:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert (((strlen (uid) == 8)||(strlen (uid) == 14)), cut_message ("Wrong UID length"));
data/libfreefare-0.4.0/test/test_mifare_classic.c:364:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert (((strlen (uid) == 8)||(strlen (uid) == 14)), cut_message ("Wrong UID length"));
data/libfreefare-0.4.0/test/test_mifare_desfire.c:466:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data (tag, std_data_file_id, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire.c:469:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire.c:478:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 0, strlen (data_buffer3), data_buffer3);
data/libfreefare-0.4.0/test/test_mifare_desfire.c:495:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire.c:562:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire.c:563:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert_equal_memory (data_buffer, strlen (data_buffer), data_buffer3, res, cut_message ("data"));
data/libfreefare-0.4.0/test/test_mifare_desfire.c:913:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data (tag, 1, 0, strlen (s), s);
data/libfreefare-0.4.0/test/test_mifare_desfire.c:969:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data (tag, 1, 0, strlen (s), s);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1.c:116:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data_ex (tag, 1, 0, strlen (sample_data), sample_data, MDCM_MACED);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1.c:135:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert_equal_memory (buffer, strlen (buffer), sample_data, strlen (sample_data), cut_message ("AES crypto failed"));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1.c:135:68: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert_equal_memory (buffer, strlen (buffer), sample_data, strlen (sample_data), cut_message ("AES crypto failed"));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:455:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data (tag, std_data_file_id, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:458:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:467:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 0, strlen (data_buffer3), data_buffer3);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:489:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:556:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3des.c:557:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert_equal_memory (data_buffer, strlen (data_buffer), data_buffer3, res, cut_message ("data"));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:455:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data (tag, std_data_file_id, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:458:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:467:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 0, strlen (data_buffer3), data_buffer3);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:489:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:556:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_3k3des.c:557:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert_equal_memory (data_buffer, strlen (data_buffer), data_buffer3, res, cut_message ("data"));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:453:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_data (tag, std_data_file_id, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:456:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:465:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 0, strlen (data_buffer3), data_buffer3);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:487:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = mifare_desfire_write_record (tag, 1, 5, strlen (data_buffer2), data_buffer2);
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:554:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy ((uint8_t *)data_buffer + 5, data_buffer2, strlen (data_buffer2));
data/libfreefare-0.4.0/test/test_mifare_desfire_ev1_aes.c:555:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert_equal_memory (data_buffer, strlen (data_buffer), data_buffer3, res, cut_message ("data"));
data/libfreefare-0.4.0/test/test_mifare_ultralight.c:164:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cut_assert_equal_int (14, strlen (uid), cut_message ("Wrong UID length"));

ANALYSIS SUMMARY:

Hits = 279
Lines analyzed = 15723 in approximately 0.51 seconds (31074 lines/second)
Physical Source Lines of Code (SLOC) = 10583
Hits@level = [0] 150 [1] 48 [2] 213 [3] 10 [4] 8 [5] 0
Hits@level+ = [0+] 429 [1+] 279 [2+] 231 [3+] 18 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 40.5367 [1+] 26.363 [2+] 21.8275 [3+] 1.70084 [4+] 0.755929 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.