Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libosmo-netif-1.0.0/examples/ipa-stream-client.c
Examining data/libosmo-netif-1.0.0/examples/ipa-stream-server.c
Examining data/libosmo-netif-1.0.0/examples/lapd-over-datagram-network.c
Examining data/libosmo-netif-1.0.0/examples/lapd-over-datagram-user.c
Examining data/libosmo-netif-1.0.0/examples/osmux-test-input.c
Examining data/libosmo-netif-1.0.0/examples/osmux-test-output.c
Examining data/libosmo-netif-1.0.0/examples/rs232-read.c
Examining data/libosmo-netif-1.0.0/examples/rs232-write.c
Examining data/libosmo-netif-1.0.0/examples/rtp-udp-test-client.c
Examining data/libosmo-netif-1.0.0/examples/rtp-udp-test-server.c
Examining data/libosmo-netif-1.0.0/examples/stream-client.c
Examining data/libosmo-netif-1.0.0/examples/stream-server.c
Examining data/libosmo-netif-1.0.0/examples/udp-test-client.c
Examining data/libosmo-netif-1.0.0/examples/udp-test-server.c
Examining data/libosmo-netif-1.0.0/examples/udp-test.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/amr.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/datagram.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/ipa.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/ipa_unit.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/jibuf.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/osmux.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/rs232.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/rtp.h
Examining data/libosmo-netif-1.0.0/include/osmocom/netif/stream.h
Examining data/libosmo-netif-1.0.0/src/amr.c
Examining data/libosmo-netif-1.0.0/src/datagram.c
Examining data/libosmo-netif-1.0.0/src/ipa.c
Examining data/libosmo-netif-1.0.0/src/ipa_unit.c
Examining data/libosmo-netif-1.0.0/src/jibuf.c
Examining data/libosmo-netif-1.0.0/src/osmux.c
Examining data/libosmo-netif-1.0.0/src/rs232.c
Examining data/libosmo-netif-1.0.0/src/rtp.c
Examining data/libosmo-netif-1.0.0/src/stream.c
Examining data/libosmo-netif-1.0.0/tests/amr/amr_test.c
Examining data/libosmo-netif-1.0.0/tests/jibuf/jibuf_test.c
Examining data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/l2_eth.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/l2_sll.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/l3_ipv4.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/l4_tcp.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/l4_udp.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/osmo_pcap.h
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/osmux_test.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/pcap.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/proto.c
Examining data/libosmo-netif-1.0.0/tests/osmo-pcap-test/proto.h
Examining data/libosmo-netif-1.0.0/tests/osmux/osmux_test.c
Examining data/libosmo-netif-1.0.0/tests/osmux/osmux_test2.c
Examining data/libosmo-netif-1.0.0/tests/stream/stream_test.c

FINAL RESULTS:

data/libosmo-netif-1.0.0/tests/osmux/osmux_test.c:72:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, "sys={%lu.%06lu}, mono={%lu.%06lu}: " fmt, \
data/libosmo-netif-1.0.0/tests/stream/stream_test.c:63:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("{%lu.%06lu} [%s] Client's %s(): " fmt, tv.tv_sec, tv.tv_usec, \
data/libosmo-netif-1.0.0/tests/stream/stream_test.c:233:2: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("[%s] Server's %s(): " fmt, osmo_stream_srv_link_get_data(lnk) ? "OK" : "NA", __func__, ##args)
data/libosmo-netif-1.0.0/tests/stream/stream_test.c:238:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("{%lu.%06lu} [%s|%s] Server's %s(): " fmt, tv.tv_sec, tv.tv_usec, \
data/libosmo-netif-1.0.0/examples/osmux-test-input.c:213:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_sequence(rtp, random());
data/libosmo-netif-1.0.0/examples/osmux-test-input.c:214:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_ssrc(rtp, random());
data/libosmo-netif-1.0.0/examples/osmux-test-output.c:151:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_sequence(rtp, random());
data/libosmo-netif-1.0.0/examples/osmux-test-output.c:152:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_ssrc(rtp, random());
data/libosmo-netif-1.0.0/examples/osmux-test-output.c:158:36: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmux_xfrm_output_init(&h_output, random());
data/libosmo-netif-1.0.0/examples/rtp-udp-test-client.c:102:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_sequence(rtp, random());
data/libosmo-netif-1.0.0/examples/rtp-udp-test-client.c:103:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_ssrc(rtp, random());
data/libosmo-netif-1.0.0/examples/rtp-udp-test-server.c:116:39: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_sequence(rtp, random());
data/libosmo-netif-1.0.0/examples/rtp-udp-test-server.c:117:35: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  osmo_rtp_handle_tx_set_ssrc(rtp, random());
data/libosmo-netif-1.0.0/src/osmux.c:1004:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  h->rtp_seq = (uint16_t)random();
data/libosmo-netif-1.0.0/src/osmux.c:1005:31: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  h->rtp_timestamp = (uint32_t)random();
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:377:36: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  pinfo->tx_delay = NET_DELAY_MS + (random() % (GENERATED_JITTER_MS));
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:480:2: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:481:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  rtp_first_seq = (uint16_t) random();
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:483:27: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  rtp_next_ts = (uint32_t) random();
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:562:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "hdtrosp:m:M:")) != -1) {
data/libosmo-netif-1.0.0/examples/ipa-stream-client.c:84:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &x, sizeof(int));
data/libosmo-netif-1.0.0/examples/ipa-stream-client.c:167:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num_msgs = atoi(argv[1]);
data/libosmo-netif-1.0.0/examples/lapd-over-datagram-network.c:114:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &x, sizeof(int));
data/libosmo-netif-1.0.0/examples/lapd-over-datagram-user.c:115:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, &x, sizeof(int));
data/libosmo-netif-1.0.0/examples/lapd-over-datagram-user.c:194:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  num_msgs = atoi(argv[1]);
data/libosmo-netif-1.0.0/examples/osmux-test-input.c:43:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/tmp/input.amr", O_WRONLY | O_CREAT | O_TRUNC, 0644);
data/libosmo-netif-1.0.0/examples/osmux-test-input.c:74:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libosmo-netif-1.0.0/examples/osmux-test-input.c:159:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libosmo-netif-1.0.0/examples/osmux-test-output.c:51:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/tmp/output.amr", O_WRONLY | O_CREAT | O_TRUNC, 0644);
data/libosmo-netif-1.0.0/examples/osmux-test-output.c:78:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libosmo-netif-1.0.0/examples/osmux-test-output.c:104:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libosmo-netif-1.0.0/examples/rs232-write.c:94:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data, &ubxhdr, sizeof(struct ubx_hdr));
data/libosmo-netif-1.0.0/examples/rs232-write.c:132:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data + msg->len, &len, sizeof(len));
data/libosmo-netif-1.0.0/examples/rs232-write.c:138:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data + msg->len, &data, sizeof(data));
data/libosmo-netif-1.0.0/examples/rs232-write.c:145:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data + msg->len, &le_data, sizeof(data));
data/libosmo-netif-1.0.0/examples/rs232-write.c:152:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data + msg->len, &le_data, sizeof(data));
data/libosmo-netif-1.0.0/examples/rs232-write.c:167:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data + msg->len, checksum, sizeof(checksum));
data/libosmo-netif-1.0.0/examples/rs232-write.c:253:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nmea_cmd[128] = "$PUBX,41,3,0001,0001,9600,0*";
data/libosmo-netif-1.0.0/examples/rs232-write.c:260:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(nmea_cmd + strlen(nmea_cmd), "%u\r\n", checksum);
data/libosmo-netif-1.0.0/examples/rs232-write.c:267:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data, nmea_cmd, strlen(nmea_cmd));
data/libosmo-netif-1.0.0/examples/rs232-write.c:316:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libosmo-netif-1.0.0/examples/rs232-write.c:326:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  val = atoi(buf);
data/libosmo-netif-1.0.0/examples/rtp-udp-test-client.c:85:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy_data[RTP_PT_GSM_FULL_PAYLOAD_LEN] = "payload test";
data/libosmo-netif-1.0.0/examples/rtp-udp-test-server.c:40:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy_data[RTP_PT_GSM_FULL_PAYLOAD_LEN] = "payload test";
data/libosmo-netif-1.0.0/examples/stream-client.c:83:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libosmo-netif-1.0.0/examples/stream-client.c:99:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, buf, ret);
data/libosmo-netif-1.0.0/examples/stream-server.c:81:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[OSMO_SOCK_NAME_MAXLEN];
data/libosmo-netif-1.0.0/examples/stream-server.c:105:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libosmo-netif-1.0.0/examples/stream-server.c:127:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, buf, ret);
data/libosmo-netif-1.0.0/src/amr.c:207:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(payload, buf, oa_payload_len);
data/libosmo-netif-1.0.0/src/ipa.c:260:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[64];
data/libosmo-netif-1.0.0/src/ipa.c:311:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tag + 3, str, strlen(str) + 1);
data/libosmo-netif-1.0.0/src/osmux.c:175:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out_msg->tail, payload, payload_len);
data/libosmo-netif-1.0.0/src/osmux.c:218:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libosmo-netif-1.0.0/src/osmux.c:434:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->out_msg->tail, osmo_amr_get_payload(state->amrh),
data/libosmo-netif-1.0.0/src/osmux.c:517:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libosmo-netif-1.0.0/src/osmux.c:639:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clone->data, last->data, last->len);
data/libosmo-netif-1.0.0/src/rs232.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial_port[PATH_MAX];
data/libosmo-netif-1.0.0/src/rs232.c:181:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  rc = open(r->cfg.serial_port, O_RDWR);
data/libosmo-netif-1.0.0/src/rtp.c:201:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data + sizeof(struct rtp_hdr), data, payload_len);
data/libosmo-netif-1.0.0/src/stream.c:149:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, event, compiletime_size);
data/libosmo-netif-1.0.0/src/stream.c:253:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *addr[OSMO_STREAM_MAX_ADDRS];
data/libosmo-netif-1.0.0/src/stream.c:256:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *local_addr[OSMO_STREAM_MAX_ADDRS];
data/libosmo-netif-1.0.0/src/stream.c:588:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[OSMO_SOCK_NAME_MAXLEN];
data/libosmo-netif-1.0.0/src/stream.c:824:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *addr[OSMO_STREAM_MAX_ADDRS];
data/libosmo-netif-1.0.0/src/stream.c:997:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[INET6_ADDRSTRLEN + 6];
data/libosmo-netif-1.0.0/tests/amr/amr_test.c:176:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf_chk, buf, sizeof(buf));
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_test.c:79:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data, rtp_pkt, sizeof(rtp_pkt));
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_test.c:143:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[250];
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_test.c:753:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[250];
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:359:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data, rtp_pkt, sizeof(rtp_pkt));
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:586:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_buffer_min = (uint32_t) atoi(optarg);
data/libosmo-netif-1.0.0/tests/jibuf/jibuf_tool.c:589:32: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  opt_buffer_max = (uint32_t) atoi(optarg);
data/libosmo-netif-1.0.0/tests/osmo-pcap-test/pcap.c:77:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgb->data, pkt, pktlen);
data/libosmo-netif-1.0.0/tests/osmo-pcap-test/pcap.c:88:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PCAP_ERRBUF_SIZE];
data/libosmo-netif-1.0.0/tests/osmo-pcap-test/pcap.c:161:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&p->start_pcap, &pcaph.ts, sizeof(struct timeval));
data/libosmo-netif-1.0.0/tests/osmux/osmux_test.c:94:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];
data/libosmo-netif-1.0.0/tests/osmux/osmux_test.c:131:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];
data/libosmo-netif-1.0.0/tests/osmux/osmux_test.c:174:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data, rtp_pkt, sizeof(rtp_pkt));
data/libosmo-netif-1.0.0/tests/osmux/osmux_test.c:212:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/libosmo-netif-1.0.0/tests/osmux/osmux_test.c:220:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg->data, rtp_pkt, sizeof(rtp_pkt));
data/libosmo-netif-1.0.0/tests/osmux/osmux_test2.c:138:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[250];
data/libosmo-netif-1.0.0/examples/osmux-test-input.c:48:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(fd, "#!AMR\n", strlen("#!AMR\n"));
data/libosmo-netif-1.0.0/examples/osmux-test-output.c:56:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(fd, "#!AMR\n", strlen("#!AMR\n"));
data/libosmo-netif-1.0.0/examples/rs232-write.c:260:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(nmea_cmd + strlen(nmea_cmd), "%u\r\n", checksum);
data/libosmo-netif-1.0.0/examples/rs232-write.c:267:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(msg->data, nmea_cmd, strlen(nmea_cmd));
data/libosmo-netif-1.0.0/examples/rs232-write.c:268:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msgb_put(msg, strlen(nmea_cmd));
data/libosmo-netif-1.0.0/examples/rs232-write.c:319:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(STDIN_FILENO, buf, sizeof(buf));
data/libosmo-netif-1.0.0/examples/stream-client.c:88:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(STDIN_FILENO, buf, sizeof(buf));
data/libosmo-netif-1.0.0/examples/stream-server.c:110:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(STDIN_FILENO, buf, sizeof(buf));
data/libosmo-netif-1.0.0/src/ipa.c:307:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tag = msgb_put(nmsg, 3 + strlen(str) + 1);
data/libosmo-netif-1.0.0/src/ipa.c:309:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tag[1] = 1 + strlen(str) + 1;
data/libosmo-netif-1.0.0/src/ipa.c:311:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(tag + 3, str, strlen(str) + 1);
data/libosmo-netif-1.0.0/src/rs232.c:47:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int (*read)(struct osmo_rs232 *);
data/libosmo-netif-1.0.0/src/rs232.c:107:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (r->cb.read)
data/libosmo-netif-1.0.0/src/rs232.c:108:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r->cb.read(r);
data/libosmo-netif-1.0.0/src/rs232.c:248:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(r->ofd.fd, msg->data, msg->data_len);
data/libosmo-netif-1.0.0/tests/amr/amr_test.c:203:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(oa_amr_samples[i]);
data/libosmo-netif-1.0.0/tests/amr/amr_test.c:222:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(oa_amr_samples[i]);

ANALYSIS SUMMARY:

Hits = 99
Lines analyzed = 11702 in approximately 0.40 seconds (29236 lines/second)
Physical Source Lines of Code (SLOC) = 8310
Hits@level = [0] 164 [1] 17 [2] 62 [3] 16 [4] 4 [5] 0
Hits@level+ = [0+] 263 [1+] 99 [2+] 82 [3+] 20 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 31.6486 [1+] 11.9134 [2+] 9.86763 [3+] 2.40674 [4+] 0.481348 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.