Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libosmo-sccp-1.3.0+dfsg1/examples/internal.h
Examining data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c
Examining data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_server.c
Examining data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/mtp/mtp_level3.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/mtp/mtp_pcap.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sccp/sccp.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sccp/sccp_types.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/m2ua_types.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/mtp_sap.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/osmo_ss7.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/protocol/m3ua.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/protocol/mtp.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/protocol/sua.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sccp_helpers.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sccp_sap.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sigtran_sap.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/xua_msg.h
Examining data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/xua_types.h
Examining data/libosmo-sccp-1.3.0+dfsg1/src/ipa.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/mtp_pcap.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_internal.h
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sap.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sclc.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scrc.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_types.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_user.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/sua.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_as_fsm.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_as_fsm.h
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_asp_fsm.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_asp_fsm.h
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_default_lm_fsm.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_internal.h
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c
Examining data/libosmo-sccp-1.3.0+dfsg1/src/xua_rkm.c
Examining data/libosmo-sccp-1.3.0+dfsg1/stp/stp_main.c
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/m2ua/m2ua_test.c
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/mtp/mtp_parse_test.c
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/ss7/ss7_test.c
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/vty/ss7_asp_vty_test.c
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/xua/sccp_test_data.c
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/xua/sccp_test_data.h
Examining data/libosmo-sccp-1.3.0+dfsg1/tests/xua/xua_test.c

FINAL RESULTS:

data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sccp/sccp.h:104:22:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	struct sccp_system *system;
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:229:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	rc = sscanf(str, fmtstr, &component[0], &component[1], &component[2]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:268:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(buf, len, fmtstr,
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c:163:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		l = snprintf(pos, sizeof(buf) - (pos - buf), fmt, ## args); \
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:252:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf + printed, size - printed, fmt, ap);
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:490:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
	vsprintf(buf+strlen(buf), fmt, ap);
data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:426:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf("FAILURE in %s:%d: " x, __FILE__, __LINE__, ## args); \
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:183:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((ch = getopt(argc, argv, "cl:r:L:R:C:")) != -1) {
data/libosmo-sccp-1.3.0+dfsg1/stp/stp_main.c:105:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		c = getopt_long(argc, argv, "hDc:V", long_options, &option_index);
data/libosmo-sccp-1.3.0+dfsg1/tests/vty/ss7_asp_vty_test.c:83:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		c = getopt_long(argc, argv, "hc:d:Dc:sTVe:",
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:164:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*port = atoi(portstr);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:217:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			local_pc = atoi(optarg);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_demo_user.c:225:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			remote_pc = atoi(optarg);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:34:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	g_called_addr.ssn = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:44:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int conn_id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:58:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int conn_id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:72:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int conn_id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:97:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int conn_id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/osmo_ss7.h:359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *host[OSMO_SOCK_MAX_ADDRS];
data/libosmo-sccp-1.3.0+dfsg1/include/osmocom/sigtran/sccp_sap.h:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digits[32];
data/libosmo-sccp-1.3.0+dfsg1/src/ipa.c:90:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, src_len);
data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:339:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data_part->dat, data_hdr, sizeof(*data_hdr));
data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:340:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data_part->dat+sizeof(*data_hdr), data, data_len);
data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:443:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(npar->info_string, info_ie->dat, info_ie->len);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:147:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[MAX_PC_STR_LEN];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:151:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "%u");
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:157:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "%u");
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:163:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf, "%u");
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:281:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[MAX_PC_STR_LEN];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:289:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[MAX_PC_STR_LEN];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:299:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		int masklen = atoi(in+1);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:839:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[64];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf_l[64], hostbuf_r[64];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1378:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bufloc[512], bufrem[512];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1853:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char namebuf[32];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char hostbuf[INET6_ADDRSTRLEN];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1861:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char portbuf[16];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:1869:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				asp->cfg.remote.port = atoi(portbuf);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:2037:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c:65:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(upmsg->l2h, data_ie->dat+sizeof(*data_hdr), data_ie->len - sizeof(*data_hdr));
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_hmrt.c:151:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:73:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:124:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	inst->cfg.pc_fmt.component_len[0] = atoi(argv[argind++]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:127:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		inst->cfg.pc_fmt.component_len[1] = atoi(argv[argind++]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:132:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		inst->cfg.pc_fmt.component_len[2] = atoi(argv[argind++]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:226:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:316:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rt->cfg.priority = atoi(argv[argind++]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:321:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rt->cfg.qos_class = atoi(argv[argind++]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:401:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:437:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	uint16_t port = atoi(argv[1]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:461:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	uint16_t port = atoi(argv[1]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:517:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:534:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			int port = atoi(argv[1]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:580:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	uint16_t remote_port = atoi(argv[1]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:581:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	uint16_t local_port = atoi(argv[2]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:651:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	asp->cfg.qos_class = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:720:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:721:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:898:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	as->cfg.recovery_timeout_msec = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:908:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	as->cfg.qos_class = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:955:48:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (as->cfg.proto == OSMO_SS7_ASP_PROT_IPA && atoi(rcontext) != 0) {
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:968:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	rkey->context = atoi(rcontext);				/* FIXME: input validation */
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:970:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	rkey->ssn = ssn ? atoi(ssn) : 0;			/* FIXME: input validation */
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1115:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[32];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1303:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1307:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ip_addr_str[INET6_ADDRSTRLEN];
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1543:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	entry->addr.ssn = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1575:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ip_addr_backup, &entry->addr.ip, sizeof(entry->addr.ip));
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1605:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ip_addr_backup, &entry->addr.ip, sizeof(entry->addr.ip));
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1667:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	entry->addr.gt.gti = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1678:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	entry->addr.gt.tt = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1690:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	entry->addr.gt.npi = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1702:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	entry->addr.gt.nai = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&addr->poi, &party->data[read], 2);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:575:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(gti, sock->gti, sock->gti_len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:621:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&data[1], in_data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:740:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ref->destination_local_reference, src_ref,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:749:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&data[2], inp, length);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:786:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&confirm->destination_local_reference,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:788:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&confirm->source_local_reference,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:838:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&req->source_local_reference, src_ref, sizeof(*src_ref));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:853:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&data[2], l3_data, l3_length);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:906:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&dt1->destination_local_reference, dst_ref,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:914:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&data[1], inp_data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:947:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&it->destination_local_reference, &conn->destination_local_reference,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:949:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&it->source_local_reference, &conn->source_local_reference,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:980:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&rel->destination_local_reference, dst_ref,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:982:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&rel->source_local_reference, src_ref,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:1156:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&rlc->destination_local_reference,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:1158:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&rlc->source_local_reference,
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:1458:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&src_ref, ref, sizeof(*ref));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:420:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cur, part->dat, part->len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:582:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cur, data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:71:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->calling_addr, calling_addr, sizeof(*calling_addr));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:72:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->called_addr, called_addr, sizeof(*called_addr));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:76:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(msg->l2h, data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&param->calling_addr, calling_addr, sizeof(*calling_addr));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:126:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->called_addr, called_addr, sizeof(*called_addr));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:132:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(msg->l2h, data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:165:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(msg->l2h, data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:198:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&param->responding_addr, resp_addr, sizeof(*resp_addr));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:221:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&param->responding_addr, resp_addr, sizeof(*resp_addr));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:235:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(msg->l2h, data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:258:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:264:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, "NONE");
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:290:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:314:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[256];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sap.c:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char prim_name_buf[128];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sclc.c:197:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(upmsg->l2h, data_ie->dat, data_ie->len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_sclc.c:243:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(upmsg->l2h, data_ie->dat, data_ie->len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[16];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:749:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(upmsg->l2h, data_ie->dat, data_ie->len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:765:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(upmsg->l2h, data_ie->dat, data_ie->len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:781:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(upmsg->l2h, data_ie->dat, data_ie->len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_scoc.c:792:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(upmsg->l2h, data_ie->dat, data_ie->len);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_user.c:447:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[128];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:60:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:89:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:90:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int ssn = atoi(argv[1]);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:123:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:151:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	struct osmo_sccp_timer_val set_val = { .s = atoi(argv[1]) };
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:170:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[16];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_vty.c:238:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int id = atoi(argv[0]);
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:216:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr, &xua->hdr, sizeof(*hdr));
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:227:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dat, part->dat, part->len);
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:262:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cur, data, len);
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:412:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char class_buf[64];
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:424:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char iei_buf[64];
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:437:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[128];
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:496:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[1024];
data/libosmo-sccp-1.3.0+dfsg1/src/xua_rkm.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char namebuf[32];
data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:559:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(msg->l2h, test_data[current_test].data, length);
data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:587:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(msg->l3h, test->data + test->payload_start, test->payload_length);
data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:863:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(msg->l2h, test_data[current_test].data, length);
data/libosmo-sccp-1.3.0+dfsg1/tests/sccp/sccp_test.c:883:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(msg->l2h, parse_result[current_test].input, msgb_l2len(msg));
data/libosmo-sccp-1.3.0+dfsg1/tests/vty/ss7_asp_vty_test.c:108:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			log_set_log_level(osmo_stderr_target, atoi(optarg));
data/libosmo-sccp-1.3.0+dfsg1/tests/xua/xua_test.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digits[23] = "";
data/libosmo-sccp-1.3.0+dfsg1/tests/xua/xua_test.c:507:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(msg->l2h, tcase->sccp.bin, tcase->sccp.length);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:48:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(const uint8_t *)data, data ? strlen(data)+1 : 0);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:62:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(const uint8_t *)data, data ? strlen(data)+1 : 0);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:75:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	osmo_sccp_tx_data(scu, conn_id, (const uint8_t *)data, strlen(data)+1);
data/libosmo-sccp-1.3.0+dfsg1/examples/sccp_test_vty.c:87:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				(const uint8_t *)data, strlen(data)+1);
data/libosmo-sccp-1.3.0+dfsg1/src/m3ua.c:402:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 strlen(npar->info_string)+1,
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7.c:131:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	unsigned int curlen = strlen(str);
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1288:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(entry->addr.gt.digits))
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1404:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(entry->addr.gt.digits))
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1422:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) >= sizeof(entry->name)) {
data/libosmo-sccp-1.3.0+dfsg1/src/osmo_ss7_vty.c:1714:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(argv[0]) > sizeof(entry->addr.gt.digits)) {
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:137:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		memcpy(&addr->poi, &party->data[read], 2);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:147:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		addr->ssn = party->data[read];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:154:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		addr->gti_data = &party->data[read];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:167:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while (room > read) {
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:168:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		uint8_t type = msgb->l2h[offset + read];
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:181:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (room <= read) {
data/libosmo-sccp-1.3.0+dfsg1/src/sccp.c:184:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			       type, read, room, msgb_l2len(msgb));
data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:94:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	unsigned int num_digits = strlen(in_digits);
data/libosmo-sccp-1.3.0+dfsg1/src/sccp2sua.c:277:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	odd = strlen(in->gt.digits) & 1;
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:247:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(buf, ",");
data/libosmo-sccp-1.3.0+dfsg1/src/sccp_helpers.c:250:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	printed = strlen(buf);
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:303:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	unsigned int num_digits = strlen(gt->digits);
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:315:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msgb_put_u8(msg, strlen(gt->digits));
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:487:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(buf, ",");
data/libosmo-sccp-1.3.0+dfsg1/src/xua_msg.c:490:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	vsprintf(buf+strlen(buf), fmt, ap);

ANALYSIS SUMMARY:

Hits = 164
Lines analyzed = 23976 in approximately 0.62 seconds (38516 lines/second)
Physical Source Lines of Code (SLOC) = 17436
Hits@level = [0] 129 [1]  25 [2] 129 [3]   3 [4]   7 [5]   0
Hits@level+ = [0+] 293 [1+] 164 [2+] 139 [3+]  10 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 16.8043 [1+] 9.40583 [2+] 7.97201 [3+] 0.573526 [4+] 0.401468 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.