Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libreswan-3.32/contrib/c-swan/is_encrypted.c
Examining data/libreswan-3.32/contrib/c-swan/swan.c
Examining data/libreswan-3.32/contrib/c-swan/swan.h
Examining data/libreswan-3.32/contrib/cisco-decrypt/cisco-decrypt.c
Examining data/libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c
Examining data/libreswan-3.32/contrib/ldsaref/saref.c
Examining data/libreswan-3.32/contrib/lucent/UDP501encap.c
Examining data/libreswan-3.32/include/addr_lookup.h
Examining data/libreswan-3.32/include/alg_byname.h
Examining data/libreswan-3.32/include/asn1.h
Examining data/libreswan-3.32/include/certs.h
Examining data/libreswan-3.32/include/chunk.h
Examining data/libreswan-3.32/include/ckaid.h
Examining data/libreswan-3.32/include/constants.h
Examining data/libreswan-3.32/include/crypt_hash.h
Examining data/libreswan-3.32/include/crypt_mac.h
Examining data/libreswan-3.32/include/crypt_prf.h
Examining data/libreswan-3.32/include/crypt_symkey.h
Examining data/libreswan-3.32/include/deltatime.h
Examining data/libreswan-3.32/include/dnssec.h
Examining data/libreswan-3.32/include/enum_names.h
Examining data/libreswan-3.32/include/err.h
Examining data/libreswan-3.32/include/fd.h
Examining data/libreswan-3.32/include/id.h
Examining data/libreswan-3.32/include/ietf_constants.h
Examining data/libreswan-3.32/include/ike_alg.h
Examining data/libreswan-3.32/include/ike_alg_dh.h
Examining data/libreswan-3.32/include/ike_alg_dh_ops.h
Examining data/libreswan-3.32/include/ike_alg_encrypt.h
Examining data/libreswan-3.32/include/ike_alg_encrypt_ops.h
Examining data/libreswan-3.32/include/ike_alg_hash.h
Examining data/libreswan-3.32/include/ike_alg_hash_ops.h
Examining data/libreswan-3.32/include/ike_alg_integ.h
Examining data/libreswan-3.32/include/ike_alg_prf.h
Examining data/libreswan-3.32/include/ike_alg_prf_ikev1_ops.h
Examining data/libreswan-3.32/include/ike_alg_prf_ikev2_ops.h
Examining data/libreswan-3.32/include/ike_alg_prf_mac_ops.h
Examining data/libreswan-3.32/include/ike_alg_test_cbc.h
Examining data/libreswan-3.32/include/ike_alg_test_ctr.h
Examining data/libreswan-3.32/include/ike_alg_test_gcm.h
Examining data/libreswan-3.32/include/ike_alg_test_prf.h
Examining data/libreswan-3.32/include/impair.h
Examining data/libreswan-3.32/include/ip_address.h
Examining data/libreswan-3.32/include/ip_endpoint.h
Examining data/libreswan-3.32/include/ip_info.h
Examining data/libreswan-3.32/include/ip_protocol.h
Examining data/libreswan-3.32/include/ip_range.h
Examining data/libreswan-3.32/include/ip_said.h
Examining data/libreswan-3.32/include/ip_sockaddr.h
Examining data/libreswan-3.32/include/ip_subnet.h
Examining data/libreswan-3.32/include/ipsec_saref.h
Examining data/libreswan-3.32/include/ipsecconf/confread.h
Examining data/libreswan-3.32/include/ipsecconf/confwrite.h
Examining data/libreswan-3.32/include/ipsecconf/exec.h
Examining data/libreswan-3.32/include/ipsecconf/interfaces.h
Examining data/libreswan-3.32/include/ipsecconf/keywords.h
Examining data/libreswan-3.32/include/ipsecconf/klips.h
Examining data/libreswan-3.32/include/ipsecconf/netkey.h
Examining data/libreswan-3.32/include/ipsecconf/parser-controls.h
Examining data/libreswan-3.32/include/ipsecconf/parser-flex.h
Examining data/libreswan-3.32/include/ipsecconf/parser.h
Examining data/libreswan-3.32/include/ipsecconf/parserlast.h
Examining data/libreswan-3.32/include/ipsecconf/pluto.h
Examining data/libreswan-3.32/include/ipsecconf/starterlog.h
Examining data/libreswan-3.32/include/ipsecconf/starterwhack.h
Examining data/libreswan-3.32/include/jambuf.h
Examining data/libreswan-3.32/include/kernel_alg.h
Examining data/libreswan-3.32/include/kernel_sadb.h
Examining data/libreswan-3.32/include/kernel_xfrm_reply.h
Examining data/libreswan-3.32/include/keywords.h
Examining data/libreswan-3.32/include/klips-crypto/aes.h
Examining data/libreswan-3.32/include/klips-crypto/aes_cbc.h
Examining data/libreswan-3.32/include/klips-crypto/des.h
Examining data/libreswan-3.32/include/lex.h
Examining data/libreswan-3.32/include/libbsdkame/libpfkey.h
Examining data/libreswan-3.32/include/libreswan.h
Examining data/libreswan-3.32/include/libreswan/ipsec_ah.h
Examining data/libreswan-3.32/include/libreswan/ipsec_auth.h
Examining data/libreswan-3.32/include/libreswan/ipsec_encap.h
Examining data/libreswan-3.32/include/libreswan/ipsec_esp.h
Examining data/libreswan-3.32/include/libreswan/ipsec_ipe4.h
Examining data/libreswan-3.32/include/libreswan/ipsec_md5h.h
Examining data/libreswan-3.32/include/libreswan/ipsec_param.h
Examining data/libreswan-3.32/include/libreswan/ipsec_sa.h
Examining data/libreswan-3.32/include/libreswan/ipsec_sha1.h
Examining data/libreswan-3.32/include/libreswan/ipsec_tunnel.h
Examining data/libreswan-3.32/include/libreswan/ipsec_xform.h
Examining data/libreswan-3.32/include/libreswan/passert.h
Examining data/libreswan-3.32/include/libreswan/pfkey.h
Examining data/libreswan-3.32/include/libreswan/pfkey_debug.h
Examining data/libreswan-3.32/include/libreswan/pfkeyv2.h
Examining data/libreswan-3.32/include/libreswan/radij.h
Examining data/libreswan-3.32/include/linux/pfkeyv2.h
Examining data/libreswan-3.32/include/lmod.h
Examining data/libreswan-3.32/include/lset.h
Examining data/libreswan-3.32/include/lsw_select.h
Examining data/libreswan-3.32/include/lswalloc.h
Examining data/libreswan-3.32/include/lswcdefs.h
Examining data/libreswan-3.32/include/lswconf.h
Examining data/libreswan-3.32/include/lswendian.h
Examining data/libreswan-3.32/include/lswfips.h
Examining data/libreswan-3.32/include/lswlog.h
Examining data/libreswan-3.32/include/lswnss.h
Examining data/libreswan-3.32/include/lswseccomp.h
Examining data/libreswan-3.32/include/lswtool.h
Examining data/libreswan-3.32/include/monotime.h
Examining data/libreswan-3.32/include/names_constant.h
Examining data/libreswan-3.32/include/netlink_attrib.h
Examining data/libreswan-3.32/include/nss_cert_load.h
Examining data/libreswan-3.32/include/oid.h
Examining data/libreswan-3.32/include/pfkey_help.h
Examining data/libreswan-3.32/include/pluto_constants.h
Examining data/libreswan-3.32/include/proposals.h
Examining data/libreswan-3.32/include/realtime.h
Examining data/libreswan-3.32/include/refcnt.h
Examining data/libreswan-3.32/include/reqid.h
Examining data/libreswan-3.32/include/sadb.h
Examining data/libreswan-3.32/include/secrets.h
Examining data/libreswan-3.32/include/shunk.h
Examining data/libreswan-3.32/include/socketwrapper.h
Examining data/libreswan-3.32/include/sysdep.h
Examining data/libreswan-3.32/include/unbound/unbound-event.h
Examining data/libreswan-3.32/include/whack.h
Examining data/libreswan-3.32/include/where.h
Examining data/libreswan-3.32/include/x509.h
Examining data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c
Examining data/libreswan-3.32/lib/libbsdpfkey/ipsec_get_policylen.c
Examining data/libreswan-3.32/lib/libbsdpfkey/ipsec_strerror.c
Examining data/libreswan-3.32/lib/libbsdpfkey/ipsec_strerror.h
Examining data/libreswan-3.32/lib/libbsdpfkey/pfkey.c
Examining data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c
Examining data/libreswan-3.32/lib/libbsdpfkey/test-policy.c
Examining data/libreswan-3.32/lib/libcrypto/include/cbc_generic.h
Examining data/libreswan-3.32/lib/libcrypto/libserpent/serpent.c
Examining data/libreswan-3.32/lib/libcrypto/libserpent/serpent.h
Examining data/libreswan-3.32/lib/libcrypto/libserpent/serpent_cbc.c
Examining data/libreswan-3.32/lib/libcrypto/libserpent/serpent_cbc.h
Examining data/libreswan-3.32/lib/libcrypto/libserpent/test_main.c
Examining data/libreswan-3.32/lib/libcrypto/libtwofish/test_main.c
Examining data/libreswan-3.32/lib/libcrypto/libtwofish/twofish.c
Examining data/libreswan-3.32/lib/libcrypto/libtwofish/twofish.h
Examining data/libreswan-3.32/lib/libcrypto/libtwofish/twofish_cbc.c
Examining data/libreswan-3.32/lib/libcrypto/libtwofish/twofish_cbc.h
Examining data/libreswan-3.32/lib/libipsecconf/confread.c
Examining data/libreswan-3.32/lib/libipsecconf/confwrite.c
Examining data/libreswan-3.32/lib/libipsecconf/interfaces.c
Examining data/libreswan-3.32/lib/libipsecconf/keywords.c
Examining data/libreswan-3.32/lib/libipsecconf/starterlog.c
Examining data/libreswan-3.32/lib/libipsecconf/starterwhack.c
Examining data/libreswan-3.32/lib/liblswtool/libreswan_exit.c
Examining data/libreswan-3.32/lib/liblswtool/lswlog.c
Examining data/libreswan-3.32/lib/libswan/DBG_dump.c
Examining data/libreswan-3.32/lib/libswan/DBG_log.c
Examining data/libreswan-3.32/lib/libswan/addr_lookup.c
Examining data/libreswan-3.32/lib/libswan/addrtot.c
Examining data/libreswan-3.32/lib/libswan/addrtypeof.c
Examining data/libreswan-3.32/lib/libswan/ah_info.c
Examining data/libreswan-3.32/lib/libswan/alg_byname.c
Examining data/libreswan-3.32/lib/libswan/alloc.c
Examining data/libreswan-3.32/lib/libswan/anyaddr.c
Examining data/libreswan-3.32/lib/libswan/asn1.c
Examining data/libreswan-3.32/lib/libswan/base64_pubkey.c
Examining data/libreswan-3.32/lib/libswan/certs.c
Examining data/libreswan-3.32/lib/libswan/chunk.c
Examining data/libreswan-3.32/lib/libswan/ckaid.c
Examining data/libreswan-3.32/lib/libswan/constants.c
Examining data/libreswan-3.32/lib/libswan/crypt_mac.c
Examining data/libreswan-3.32/lib/libswan/datatot.c
Examining data/libreswan-3.32/lib/libswan/debug.c
Examining data/libreswan-3.32/lib/libswan/deltatime.c
Examining data/libreswan-3.32/lib/libswan/diag.c
Examining data/libreswan-3.32/lib/libswan/esp_info.c
Examining data/libreswan-3.32/lib/libswan/fd.c
Examining data/libreswan-3.32/lib/libswan/id.c
Examining data/libreswan-3.32/lib/libswan/ike_alg.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_3des.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_aes.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_camellia.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_cast.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_desc.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_dh.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_ecp_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_modp_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_encrypt_chacha20_poly1305.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_aead_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_cbc_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_ctr_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_hash_nss_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_md5.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_none.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_prf_ikev1_mac_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_prf_ikev1_nss_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_prf_ikev2_mac_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_prf_ikev2_nss_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_prf_mac_hmac_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_prf_mac_nss_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_prf_mac_xcbc_ops.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_ripemd.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_serpent.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_sha1.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_sha2.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_test.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_twofish.c
Examining data/libreswan-3.32/lib/libswan/ike_info.c
Examining data/libreswan-3.32/lib/libswan/impair.c
Examining data/libreswan-3.32/lib/libswan/initaddr.c
Examining data/libreswan-3.32/lib/libswan/initsubnet.c
Examining data/libreswan-3.32/lib/libswan/ip_address.c
Examining data/libreswan-3.32/lib/libswan/ip_endpoint.c
Examining data/libreswan-3.32/lib/libswan/ip_info.c
Examining data/libreswan-3.32/lib/libswan/ip_protocol.c
Examining data/libreswan-3.32/lib/libswan/ip_range.c
Examining data/libreswan-3.32/lib/libswan/ip_said.c
Examining data/libreswan-3.32/lib/libswan/ip_subnet.c
Examining data/libreswan-3.32/lib/libswan/jam_bytes.c
Examining data/libreswan-3.32/lib/libswan/jambuf.c
Examining data/libreswan-3.32/lib/libswan/kernel_alg.c
Examining data/libreswan-3.32/lib/libswan/kernel_sadb.c
Examining data/libreswan-3.32/lib/libswan/kernel_xfrm_reply.c
Examining data/libreswan-3.32/lib/libswan/keyblobtoid.c
Examining data/libreswan-3.32/lib/libswan/keywords.c
Examining data/libreswan-3.32/lib/libswan/lex.c
Examining data/libreswan-3.32/lib/libswan/libreswan_bad_case.c
Examining data/libreswan-3.32/lib/libswan/libreswan_exit_log_errno.c
Examining data/libreswan-3.32/lib/libswan/libreswan_log.c
Examining data/libreswan-3.32/lib/libswan/libreswan_log_errno.c
Examining data/libreswan-3.32/lib/libswan/libreswan_log_rc.c
Examining data/libreswan-3.32/lib/libswan/lmod.c
Examining data/libreswan-3.32/lib/libswan/log_ip.c
Examining data/libreswan-3.32/lib/libswan/log_pexpect.c
Examining data/libreswan-3.32/lib/libswan/lset.c
Examining data/libreswan-3.32/lib/libswan/lsw_passert_fail.c
Examining data/libreswan-3.32/lib/libswan/lswconf.c
Examining data/libreswan-3.32/lib/libswan/lswfips.c
Examining data/libreswan-3.32/lib/libswan/lswlog.c
Examining data/libreswan-3.32/lib/libswan/lswlog_enum_lset_short.c
Examining data/libreswan-3.32/lib/libswan/lswlog_nss_cka.c
Examining data/libreswan-3.32/lib/libswan/lswlog_nss_ckf.c
Examining data/libreswan-3.32/lib/libswan/lswlog_nss_ckm.c
Examining data/libreswan-3.32/lib/libswan/lswlog_nss_error.c
Examining data/libreswan-3.32/lib/libswan/lswlog_nss_secitem.c
Examining data/libreswan-3.32/lib/libswan/lswlog_passert.c
Examining data/libreswan-3.32/lib/libswan/lswlog_pexpect.c
Examining data/libreswan-3.32/lib/libswan/lswlog_to_file_stream.c
Examining data/libreswan-3.32/lib/libswan/lswnss.c
Examining data/libreswan-3.32/lib/libswan/monotime.c
Examining data/libreswan-3.32/lib/libswan/netlink_attrib.c
Examining data/libreswan-3.32/lib/libswan/nss_cert_load.c
Examining data/libreswan-3.32/lib/libswan/nss_copies.c
Examining data/libreswan-3.32/lib/libswan/oid.c
Examining data/libreswan-3.32/lib/libswan/pfkey_error.c
Examining data/libreswan-3.32/lib/libswan/pfkey_sock.c
Examining data/libreswan-3.32/lib/libswan/pfkey_v2_build.c
Examining data/libreswan-3.32/lib/libswan/pfkey_v2_debug.c
Examining data/libreswan-3.32/lib/libswan/pfkey_v2_ext_bits.c
Examining data/libreswan-3.32/lib/libswan/pfkey_v2_parse.c
Examining data/libreswan-3.32/lib/libswan/proposals.c
Examining data/libreswan-3.32/lib/libswan/rangetosubnet.c
Examining data/libreswan-3.32/lib/libswan/realtime.c
Examining data/libreswan-3.32/lib/libswan/refcnt.c
Examining data/libreswan-3.32/lib/libswan/reqid.c
Examining data/libreswan-3.32/lib/libswan/role.c
Examining data/libreswan-3.32/lib/libswan/sameaddr.c
Examining data/libreswan-3.32/lib/libswan/secitem_chunk.c
Examining data/libreswan-3.32/lib/libswan/secrets.c
Examining data/libreswan-3.32/lib/libswan/shunk.c
Examining data/libreswan-3.32/lib/libswan/subnettypeof.c
Examining data/libreswan-3.32/lib/libswan/ttoaddr.c
Examining data/libreswan-3.32/lib/libswan/ttodata.c
Examining data/libreswan-3.32/lib/libswan/ttoprotoport.c
Examining data/libreswan-3.32/lib/libswan/ttosa.c
Examining data/libreswan-3.32/lib/libswan/ttosubnet.c
Examining data/libreswan-3.32/lib/libswan/ttoul.c
Examining data/libreswan-3.32/lib/libswan/ultot.c
Examining data/libreswan-3.32/lib/libswan/unbound.c
Examining data/libreswan-3.32/lib/libswan/v1_proposals.c
Examining data/libreswan-3.32/lib/libswan/v2_proposals.c
Examining data/libreswan-3.32/lib/libswan/version.in.c
Examining data/libreswan-3.32/lib/libswan/x509dn.c
Examining data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c
Examining data/libreswan-3.32/lib/libwhack/aliascomp.c
Examining data/libreswan-3.32/lib/libwhack/whacklib.c
Examining data/libreswan-3.32/linux/include/cryptodev.h
Examining data/libreswan-3.32/linux/include/des/des_locl.h
Examining data/libreswan-3.32/linux/include/des/des_ver.h
Examining data/libreswan-3.32/linux/include/des/podd.h
Examining data/libreswan-3.32/linux/include/des/sk.h
Examining data/libreswan-3.32/linux/include/des/spr.h
Examining data/libreswan-3.32/linux/include/err.h
Examining data/libreswan-3.32/linux/include/ip_address.h
Examining data/libreswan-3.32/linux/include/klips-crypto/aes.h
Examining data/libreswan-3.32/linux/include/klips-crypto/aes_cbc.h
Examining data/libreswan-3.32/linux/include/klips-crypto/aes_xcbc_mac.h
Examining data/libreswan-3.32/linux/include/klips-crypto/cbc_generic.h
Examining data/libreswan-3.32/linux/include/klips-crypto/des.h
Examining data/libreswan-3.32/linux/include/libreswan.h
Examining data/libreswan-3.32/linux/include/libreswan/ipcomp.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_ah.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_alg.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_alg_3des.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_auth.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_encap.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_eroute.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_errs.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_esp.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_ipcomp.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_ipe4.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_ipip.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_kern24.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_kversion.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_life.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_mast.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_md5h.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_param.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_param2.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_proto.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_radij.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_rcv.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_sa.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_sha1.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_stats.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_sysctl.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_tunnel.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_xform.h
Examining data/libreswan-3.32/linux/include/libreswan/ipsec_xmit.h
Examining data/libreswan-3.32/linux/include/libreswan/mast.h
Examining data/libreswan-3.32/linux/include/libreswan/passert.h
Examining data/libreswan-3.32/linux/include/libreswan/pfkey.h
Examining data/libreswan-3.32/linux/include/libreswan/pfkey_debug.h
Examining data/libreswan-3.32/linux/include/libreswan/pfkeyv2.h
Examining data/libreswan-3.32/linux/include/libreswan/radij.h
Examining data/libreswan-3.32/linux/include/lswcdefs.h
Examining data/libreswan-3.32/linux/include/ocf-compat.h
Examining data/libreswan-3.32/linux/include/zlib/zconf.h
Examining data/libreswan-3.32/linux/include/zlib/zlib.h
Examining data/libreswan-3.32/linux/include/zlib/zutil.h
Examining data/libreswan-3.32/linux/net/ipsec/addrtoa.c
Examining data/libreswan-3.32/linux/net/ipsec/addrtot.c
Examining data/libreswan-3.32/linux/net/ipsec/addrtypeof.c
Examining data/libreswan-3.32/linux/net/ipsec/adler32.c
Examining data/libreswan-3.32/linux/net/ipsec/aes/aes.c
Examining data/libreswan-3.32/linux/net/ipsec/aes/aes_cbc.c
Examining data/libreswan-3.32/linux/net/ipsec/aes/aes_xcbc_mac.c
Examining data/libreswan-3.32/linux/net/ipsec/aes/ipsec_alg_aes.c
Examining data/libreswan-3.32/linux/net/ipsec/alg/ipsec_alg_cryptoapi.c
Examining data/libreswan-3.32/linux/net/ipsec/anyaddr.c
Examining data/libreswan-3.32/linux/net/ipsec/datatot.c
Examining data/libreswan-3.32/linux/net/ipsec/deflate.c
Examining data/libreswan-3.32/linux/net/ipsec/deflate.h
Examining data/libreswan-3.32/linux/net/ipsec/des/cbc_enc.c
Examining data/libreswan-3.32/linux/net/ipsec/des/des_enc.c
Examining data/libreswan-3.32/linux/net/ipsec/des/des_opts.c
Examining data/libreswan-3.32/linux/net/ipsec/des/ecb_enc.c
Examining data/libreswan-3.32/linux/net/ipsec/des/ipsec_alg_3des.c
Examining data/libreswan-3.32/linux/net/ipsec/des/set_key.c
Examining data/libreswan-3.32/linux/net/ipsec/goodmask.c
Examining data/libreswan-3.32/linux/net/ipsec/infblock.c
Examining data/libreswan-3.32/linux/net/ipsec/infblock.h
Examining data/libreswan-3.32/linux/net/ipsec/infcodes.c
Examining data/libreswan-3.32/linux/net/ipsec/infcodes.h
Examining data/libreswan-3.32/linux/net/ipsec/inffast.c
Examining data/libreswan-3.32/linux/net/ipsec/inffast.h
Examining data/libreswan-3.32/linux/net/ipsec/inffixed.h
Examining data/libreswan-3.32/linux/net/ipsec/inflate.c
Examining data/libreswan-3.32/linux/net/ipsec/inftrees.c
Examining data/libreswan-3.32/linux/net/ipsec/inftrees.h
Examining data/libreswan-3.32/linux/net/ipsec/infutil.c
Examining data/libreswan-3.32/linux/net/ipsec/infutil.h
Examining data/libreswan-3.32/linux/net/ipsec/initaddr.c
Examining data/libreswan-3.32/linux/net/ipsec/ipcomp.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_alg.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_alg_cryptoapi.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_esp.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_init.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_ipcomp.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_ipip.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_kern24.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_life.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_ocf.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_ocf.h
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_proc.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_rcv.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_snprintf.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c
Examining data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c
Examining data/libreswan-3.32/linux/net/ipsec/pfkey_v2.c
Examining data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c
Examining data/libreswan-3.32/linux/net/ipsec/pfkey_v2_debug.c
Examining data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_bits.c
Examining data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c
Examining data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parse.c
Examining data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c
Examining data/libreswan-3.32/linux/net/ipsec/prng.c
Examining data/libreswan-3.32/linux/net/ipsec/radij.c
Examining data/libreswan-3.32/linux/net/ipsec/satot.c
Examining data/libreswan-3.32/linux/net/ipsec/subnetof.c
Examining data/libreswan-3.32/linux/net/ipsec/subnettoa.c
Examining data/libreswan-3.32/linux/net/ipsec/sysctl_net_ipsec.c
Examining data/libreswan-3.32/linux/net/ipsec/trees.c
Examining data/libreswan-3.32/linux/net/ipsec/trees.h
Examining data/libreswan-3.32/linux/net/ipsec/ultot.c
Examining data/libreswan-3.32/linux/net/ipsec/version.in.c
Examining data/libreswan-3.32/linux/net/ipsec/zutil.c
Examining data/libreswan-3.32/packaging/linus/config-all.h
Examining data/libreswan-3.32/packaging/ocf/config-all.h
Examining data/libreswan-3.32/programs/_import_crl/_import_crl.c
Examining data/libreswan-3.32/programs/addconn/addconn.c
Examining data/libreswan-3.32/programs/algparse/algparse.c
Examining data/libreswan-3.32/programs/cavp/acvp.c
Examining data/libreswan-3.32/programs/cavp/acvp.h
Examining data/libreswan-3.32/programs/cavp/acvp_parser.h
Examining data/libreswan-3.32/programs/cavp/cavp.c
Examining data/libreswan-3.32/programs/cavp/cavp.h
Examining data/libreswan-3.32/programs/cavp/cavp_entry.c
Examining data/libreswan-3.32/programs/cavp/cavp_entry.h
Examining data/libreswan-3.32/programs/cavp/cavp_parser.c
Examining data/libreswan-3.32/programs/cavp/cavp_parser.h
Examining data/libreswan-3.32/programs/cavp/cavp_print.c
Examining data/libreswan-3.32/programs/cavp/cavp_print.h
Examining data/libreswan-3.32/programs/cavp/cavps.c
Examining data/libreswan-3.32/programs/cavp/cavps.h
Examining data/libreswan-3.32/programs/cavp/test_gcm.c
Examining data/libreswan-3.32/programs/cavp/test_gcm.h
Examining data/libreswan-3.32/programs/cavp/test_hmac.c
Examining data/libreswan-3.32/programs/cavp/test_hmac.h
Examining data/libreswan-3.32/programs/cavp/test_ikev1.c
Examining data/libreswan-3.32/programs/cavp/test_ikev1.h
Examining data/libreswan-3.32/programs/cavp/test_ikev1_dsa.c
Examining data/libreswan-3.32/programs/cavp/test_ikev1_dsa.h
Examining data/libreswan-3.32/programs/cavp/test_ikev1_psk.c
Examining data/libreswan-3.32/programs/cavp/test_ikev1_psk.h
Examining data/libreswan-3.32/programs/cavp/test_ikev2.c
Examining data/libreswan-3.32/programs/cavp/test_ikev2.h
Examining data/libreswan-3.32/programs/cavp/test_sha.c
Examining data/libreswan-3.32/programs/cavp/test_sha.h
Examining data/libreswan-3.32/programs/eroute/eroute.c
Examining data/libreswan-3.32/programs/klipsdebug/klipsdebug.c
Examining data/libreswan-3.32/programs/pf_key/pf_key.c
Examining data/libreswan-3.32/programs/pluto/addresspool.c
Examining data/libreswan-3.32/programs/pluto/addresspool.h
Examining data/libreswan-3.32/programs/pluto/cbc_test_vectors.c
Examining data/libreswan-3.32/programs/pluto/connections.c
Examining data/libreswan-3.32/programs/pluto/connections.h
Examining data/libreswan-3.32/programs/pluto/crl_queue.c
Examining data/libreswan-3.32/programs/pluto/crl_queue.h
Examining data/libreswan-3.32/programs/pluto/crypt_dh.c
Examining data/libreswan-3.32/programs/pluto/crypt_dh.h
Examining data/libreswan-3.32/programs/pluto/crypt_dh_v1.c
Examining data/libreswan-3.32/programs/pluto/crypt_dh_v2.c
Examining data/libreswan-3.32/programs/pluto/crypt_hash.c
Examining data/libreswan-3.32/programs/pluto/crypt_ke.c
Examining data/libreswan-3.32/programs/pluto/crypt_prf.c
Examining data/libreswan-3.32/programs/pluto/crypt_symkey.c
Examining data/libreswan-3.32/programs/pluto/crypt_utils.c
Examining data/libreswan-3.32/programs/pluto/crypto.c
Examining data/libreswan-3.32/programs/pluto/crypto.h
Examining data/libreswan-3.32/programs/pluto/ctr_test_vectors.c
Examining data/libreswan-3.32/programs/pluto/db_ops.c
Examining data/libreswan-3.32/programs/pluto/db_ops.h
Examining data/libreswan-3.32/programs/pluto/defs.c
Examining data/libreswan-3.32/programs/pluto/defs.h
Examining data/libreswan-3.32/programs/pluto/demux.c
Examining data/libreswan-3.32/programs/pluto/demux.h
Examining data/libreswan-3.32/programs/pluto/fetch.c
Examining data/libreswan-3.32/programs/pluto/fetch.h
Examining data/libreswan-3.32/programs/pluto/foodgroups.c
Examining data/libreswan-3.32/programs/pluto/foodgroups.h
Examining data/libreswan-3.32/programs/pluto/gcm_test_vectors.c
Examining data/libreswan-3.32/programs/pluto/hash_table.c
Examining data/libreswan-3.32/programs/pluto/hash_table.h
Examining data/libreswan-3.32/programs/pluto/hostpair.c
Examining data/libreswan-3.32/programs/pluto/hostpair.h
Examining data/libreswan-3.32/programs/pluto/ike_spi.c
Examining data/libreswan-3.32/programs/pluto/ike_spi.h
Examining data/libreswan-3.32/programs/pluto/ikev1.c
Examining data/libreswan-3.32/programs/pluto/ikev1.h
Examining data/libreswan-3.32/programs/pluto/ikev1_aggr.c
Examining data/libreswan-3.32/programs/pluto/ikev1_continuations.h
Examining data/libreswan-3.32/programs/pluto/ikev1_dpd.c
Examining data/libreswan-3.32/programs/pluto/ikev1_dpd.h
Examining data/libreswan-3.32/programs/pluto/ikev1_hash.c
Examining data/libreswan-3.32/programs/pluto/ikev1_hash.h
Examining data/libreswan-3.32/programs/pluto/ikev1_main.c
Examining data/libreswan-3.32/programs/pluto/ikev1_message.c
Examining data/libreswan-3.32/programs/pluto/ikev1_message.h
Examining data/libreswan-3.32/programs/pluto/ikev1_msgid.c
Examining data/libreswan-3.32/programs/pluto/ikev1_msgid.h
Examining data/libreswan-3.32/programs/pluto/ikev1_prf.c
Examining data/libreswan-3.32/programs/pluto/ikev1_prf.h
Examining data/libreswan-3.32/programs/pluto/ikev1_quick.c
Examining data/libreswan-3.32/programs/pluto/ikev1_quick.h
Examining data/libreswan-3.32/programs/pluto/ikev1_send.c
Examining data/libreswan-3.32/programs/pluto/ikev1_send.h
Examining data/libreswan-3.32/programs/pluto/ikev1_spdb_struct.c
Examining data/libreswan-3.32/programs/pluto/ikev1_states.c
Examining data/libreswan-3.32/programs/pluto/ikev1_states.h
Examining data/libreswan-3.32/programs/pluto/ikev1_xauth.c
Examining data/libreswan-3.32/programs/pluto/ikev1_xauth.h
Examining data/libreswan-3.32/programs/pluto/ikev2.h
Examining data/libreswan-3.32/programs/pluto/ikev2_child.c
Examining data/libreswan-3.32/programs/pluto/ikev2_cookie.c
Examining data/libreswan-3.32/programs/pluto/ikev2_cookie.h
Examining data/libreswan-3.32/programs/pluto/ikev2_crypto.c
Examining data/libreswan-3.32/programs/pluto/ikev2_ecdsa.c
Examining data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c
Examining data/libreswan-3.32/programs/pluto/ikev2_ipseckey.h
Examining data/libreswan-3.32/programs/pluto/ikev2_message.c
Examining data/libreswan-3.32/programs/pluto/ikev2_message.h
Examining data/libreswan-3.32/programs/pluto/ikev2_msgid.c
Examining data/libreswan-3.32/programs/pluto/ikev2_msgid.h
Examining data/libreswan-3.32/programs/pluto/ikev2_parent.c
Examining data/libreswan-3.32/programs/pluto/ikev2_ppk.c
Examining data/libreswan-3.32/programs/pluto/ikev2_ppk.h
Examining data/libreswan-3.32/programs/pluto/ikev2_prf.c
Examining data/libreswan-3.32/programs/pluto/ikev2_prf.h
Examining data/libreswan-3.32/programs/pluto/ikev2_psk.c
Examining data/libreswan-3.32/programs/pluto/ikev2_redirect.c
Examining data/libreswan-3.32/programs/pluto/ikev2_redirect.h
Examining data/libreswan-3.32/programs/pluto/ikev2_rekey_now.c
Examining data/libreswan-3.32/programs/pluto/ikev2_rsa.c
Examining data/libreswan-3.32/programs/pluto/ikev2_send.c
Examining data/libreswan-3.32/programs/pluto/ikev2_send.h
Examining data/libreswan-3.32/programs/pluto/ikev2_sighash.c
Examining data/libreswan-3.32/programs/pluto/ikev2_sighash.h
Examining data/libreswan-3.32/programs/pluto/ikev2_spdb_struct.c
Examining data/libreswan-3.32/programs/pluto/ikev2_states.c
Examining data/libreswan-3.32/programs/pluto/ikev2_states.h
Examining data/libreswan-3.32/programs/pluto/ikev2_ts.c
Examining data/libreswan-3.32/programs/pluto/ikev2_ts.h
Examining data/libreswan-3.32/programs/pluto/initiate.c
Examining data/libreswan-3.32/programs/pluto/initiate.h
Examining data/libreswan-3.32/programs/pluto/ipsec_doi.c
Examining data/libreswan-3.32/programs/pluto/ipsec_doi.h
Examining data/libreswan-3.32/programs/pluto/isakmp_hdr.h
Examining data/libreswan-3.32/programs/pluto/kameipsec.h
Examining data/libreswan-3.32/programs/pluto/kernel.c
Examining data/libreswan-3.32/programs/pluto/kernel.h
Examining data/libreswan-3.32/programs/pluto/kernel_bsd.c
Examining data/libreswan-3.32/programs/pluto/kernel_bsdkame.c
Examining data/libreswan-3.32/programs/pluto/kernel_bsdkame.h
Examining data/libreswan-3.32/programs/pluto/kernel_klips.c
Examining data/libreswan-3.32/programs/pluto/kernel_klips.h
Examining data/libreswan-3.32/programs/pluto/kernel_linux.c
Examining data/libreswan-3.32/programs/pluto/kernel_nokernel.c
Examining data/libreswan-3.32/programs/pluto/kernel_nokernel.h
Examining data/libreswan-3.32/programs/pluto/kernel_pfkey.c
Examining data/libreswan-3.32/programs/pluto/kernel_pfkey.h
Examining data/libreswan-3.32/programs/pluto/kernel_xfrm.c
Examining data/libreswan-3.32/programs/pluto/kernel_xfrm.h
Examining data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.h
Examining data/libreswan-3.32/programs/pluto/keys.c
Examining data/libreswan-3.32/programs/pluto/keys.h
Examining data/libreswan-3.32/programs/pluto/known_vendorid.h
Examining data/libreswan-3.32/programs/pluto/labeled_ipsec.h
Examining data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h
Examining data/libreswan-3.32/programs/pluto/linux-extra-if-link/if_link_extra.h
Examining data/libreswan-3.32/programs/pluto/linux_audit.c
Examining data/libreswan-3.32/programs/pluto/list_entry.c
Examining data/libreswan-3.32/programs/pluto/list_entry.h
Examining data/libreswan-3.32/programs/pluto/log.c
Examining data/libreswan-3.32/programs/pluto/log.h
Examining data/libreswan-3.32/programs/pluto/msgdigest.c
Examining data/libreswan-3.32/programs/pluto/nat_traversal.c
Examining data/libreswan-3.32/programs/pluto/nat_traversal.h
Examining data/libreswan-3.32/programs/pluto/nss_cert_verify.c
Examining data/libreswan-3.32/programs/pluto/nss_cert_verify.h
Examining data/libreswan-3.32/programs/pluto/nss_crl_import.c
Examining data/libreswan-3.32/programs/pluto/nss_crl_import.h
Examining data/libreswan-3.32/programs/pluto/nss_err.c
Examining data/libreswan-3.32/programs/pluto/nss_err.h
Examining data/libreswan-3.32/programs/pluto/nss_ocsp.c
Examining data/libreswan-3.32/programs/pluto/nss_ocsp.h
Examining data/libreswan-3.32/programs/pluto/packet.c
Examining data/libreswan-3.32/programs/pluto/packet.h
Examining data/libreswan-3.32/programs/pluto/pam_conv.c
Examining data/libreswan-3.32/programs/pluto/pam_conv.h
Examining data/libreswan-3.32/programs/pluto/peerlog.c
Examining data/libreswan-3.32/programs/pluto/peerlog.h
Examining data/libreswan-3.32/programs/pluto/pem.c
Examining data/libreswan-3.32/programs/pluto/pem.h
Examining data/libreswan-3.32/programs/pluto/pending.c
Examining data/libreswan-3.32/programs/pluto/pending.h
Examining data/libreswan-3.32/programs/pluto/pluto_constants.c
Examining data/libreswan-3.32/programs/pluto/pluto_crypt.c
Examining data/libreswan-3.32/programs/pluto/pluto_crypt.h
Examining data/libreswan-3.32/programs/pluto/pluto_id.c
Examining data/libreswan-3.32/programs/pluto/pluto_sd.c
Examining data/libreswan-3.32/programs/pluto/pluto_sd.h
Examining data/libreswan-3.32/programs/pluto/pluto_seccomp.c
Examining data/libreswan-3.32/programs/pluto/pluto_seccomp.h
Examining data/libreswan-3.32/programs/pluto/pluto_stats.c
Examining data/libreswan-3.32/programs/pluto/pluto_stats.h
Examining data/libreswan-3.32/programs/pluto/pluto_timing.c
Examining data/libreswan-3.32/programs/pluto/pluto_timing.h
Examining data/libreswan-3.32/programs/pluto/pluto_x509.h
Examining data/libreswan-3.32/programs/pluto/plutoalg.c
Examining data/libreswan-3.32/programs/pluto/plutoalg.h
Examining data/libreswan-3.32/programs/pluto/plutomain.c
Examining data/libreswan-3.32/programs/pluto/prf_test_vectors.c
Examining data/libreswan-3.32/programs/pluto/quirks.h
Examining data/libreswan-3.32/programs/pluto/rcv_whack.c
Examining data/libreswan-3.32/programs/pluto/rcv_whack.h
Examining data/libreswan-3.32/programs/pluto/retransmit.c
Examining data/libreswan-3.32/programs/pluto/retransmit.h
Examining data/libreswan-3.32/programs/pluto/retry.c
Examining data/libreswan-3.32/programs/pluto/retry.h
Examining data/libreswan-3.32/programs/pluto/rnd.c
Examining data/libreswan-3.32/programs/pluto/rnd.h
Examining data/libreswan-3.32/programs/pluto/root_certs.c
Examining data/libreswan-3.32/programs/pluto/root_certs.h
Examining data/libreswan-3.32/programs/pluto/security_selinux.c
Examining data/libreswan-3.32/programs/pluto/security_selinux.h
Examining data/libreswan-3.32/programs/pluto/send.c
Examining data/libreswan-3.32/programs/pluto/send.h
Examining data/libreswan-3.32/programs/pluto/server.c
Examining data/libreswan-3.32/programs/pluto/server.h
Examining data/libreswan-3.32/programs/pluto/show.c
Examining data/libreswan-3.32/programs/pluto/spdb.c
Examining data/libreswan-3.32/programs/pluto/spdb.h
Examining data/libreswan-3.32/programs/pluto/spdb_struct.c
Examining data/libreswan-3.32/programs/pluto/state.c
Examining data/libreswan-3.32/programs/pluto/state.h
Examining data/libreswan-3.32/programs/pluto/state_db.c
Examining data/libreswan-3.32/programs/pluto/state_db.h
Examining data/libreswan-3.32/programs/pluto/terminate.c
Examining data/libreswan-3.32/programs/pluto/test_buffer.c
Examining data/libreswan-3.32/programs/pluto/test_buffer.h
Examining data/libreswan-3.32/programs/pluto/timer.c
Examining data/libreswan-3.32/programs/pluto/timer.h
Examining data/libreswan-3.32/programs/pluto/udpfromto.c
Examining data/libreswan-3.32/programs/pluto/udpfromto.h
Examining data/libreswan-3.32/programs/pluto/vendor.c
Examining data/libreswan-3.32/programs/pluto/vendor.h
Examining data/libreswan-3.32/programs/pluto/virtual.c
Examining data/libreswan-3.32/programs/pluto/virtual.h
Examining data/libreswan-3.32/programs/pluto/x509.c
Examining data/libreswan-3.32/programs/pluto/xauth.c
Examining data/libreswan-3.32/programs/pluto/xauth.h
Examining data/libreswan-3.32/programs/pluto/ikev2.c
Examining data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c
Examining data/libreswan-3.32/programs/readwriteconf/readwriteconf.c
Examining data/libreswan-3.32/programs/rsasigkey/rsasigkey.c
Examining data/libreswan-3.32/programs/showhostkey/showhostkey.c
Examining data/libreswan-3.32/programs/spi/spi.c
Examining data/libreswan-3.32/programs/spigrp/spigrp.c
Examining data/libreswan-3.32/programs/tncfg/tncfg.c
Examining data/libreswan-3.32/programs/whack/whack.c
Examining data/libreswan-3.32/testing/cert_verify/verify.c
Examining data/libreswan-3.32/testing/check/dn/dncheck.c
Examining data/libreswan-3.32/testing/check/enum/enumcheck.c
Examining data/libreswan-3.32/testing/check/ip/ip_address_check.c
Examining data/libreswan-3.32/testing/check/ip/ip_endpoint_check.c
Examining data/libreswan-3.32/testing/check/ip/ip_info_check.c
Examining data/libreswan-3.32/testing/check/ip/ip_range_check.c
Examining data/libreswan-3.32/testing/check/ip/ip_said_check.c
Examining data/libreswan-3.32/testing/check/ip/ip_subnet_check.c
Examining data/libreswan-3.32/testing/check/ip/ipcheck.c
Examining data/libreswan-3.32/testing/check/ip/ipcheck.h
Examining data/libreswan-3.32/testing/check/jambuf/jambufcheck.c
Examining data/libreswan-3.32/testing/check/shunk/shunkcheck.c
Examining data/libreswan-3.32/testing/check/time/check_deltatime.c
Examining data/libreswan-3.32/testing/check/time/check_monotime.c
Examining data/libreswan-3.32/testing/check/time/check_realtime.c
Examining data/libreswan-3.32/testing/check/time/timecheck.c
Examining data/libreswan-3.32/testing/check/time/timecheck.h
Examining data/libreswan-3.32/testing/pluto/ikev2-60-pam/mypam.c
Examining data/libreswan-3.32/testing/pluto/xauth-pluto-20-pam-timeout/mypam.c
Examining data/libreswan-3.32/testing/pluto/xauth-pluto-20-pam/mypam.c
Examining data/libreswan-3.32/testing/utils/ike-aggr-dos/ike-aggr-dos.c
Examining data/libreswan-3.32/testing/utils/pcap2skb/pcap2skb.c
Examining data/libreswan-3.32/testing/utils/siocprivate/tncfg.c
FINAL RESULTS:
data/libreswan-3.32/programs/addconn/addconn.c:131:23: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
LSW_SECCOMP_ADD(ctx, readlink);
data/libreswan-3.32/programs/pluto/nss_crl_import.c:71:6: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
n = readlink("/proc/self/exe", crl_path_space,
data/libreswan-3.32/programs/pluto/pluto_seccomp.c:108:24: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
LSW_SECCOMP_ADD(ctx, readlink);
data/libreswan-3.32/programs/pluto/server.c:1422:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
n = readlink("/proc/self/exe", addconn_path_space,
data/libreswan-3.32/contrib/c-swan/swan.c:60:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(params[0], params);
data/libreswan-3.32/include/klips-crypto/des.h:255:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt();
data/libreswan-3.32/include/lswcdefs.h:39:48: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n + 1)))
data/libreswan-3.32/lib/libipsecconf/confread.c:216:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(tmp_err, sizeof(tmp_err) - 1, fmt, args);
data/libreswan-3.32/lib/libipsecconf/starterlog.c:64:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buff, BUFF_SIZE - 1, fmt, args);
data/libreswan-3.32/lib/libswan/datatot.c:113:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, prefix);
data/libreswan-3.32/lib/libswan/diag.c:49:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(t, sizeof(t), fmt, args);
data/libreswan-3.32/lib/libswan/diag.c:51:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mydiag_space, t);
data/libreswan-3.32/lib/libswan/ip_said.c:90:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, (said_type(sa) == &ipv4_info) ?
data/libreswan-3.32/lib/libswan/ip_said.c:125:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, p);
data/libreswan-3.32/lib/libswan/ip_said.c:131:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, pre);
data/libreswan-3.32/lib/libswan/ip_said.c:155:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, buf);
data/libreswan-3.32/lib/libswan/jambuf.c:185:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int sn = vsnprintf(d.cursor, d.size, format, ap);
data/libreswan-3.32/lib/libswan/keyblobtoid.c:47:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, buf);
data/libreswan-3.32/lib/libswan/lset.c:84:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void)snprintf(p, (size_t)(roof - p),
data/libreswan-3.32/lib/libswan/lswconf.c:85:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%s" SUBDIRNAME("/cacerts"), global_oco.confddir);
data/libreswan-3.32/lib/libswan/lswconf.c:88:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, sizeof(buf), "%s" SUBDIRNAME("/crls"), global_oco.confddir);
data/libreswan-3.32/lib/libswan/lswfips.c:50:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(FIPSPRODUCTCHECK, F_OK) != 0) {
data/libreswan-3.32/lib/libswan/lswfips.c:87:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fips_mode = system;
data/libreswan-3.32/lib/libswan/lswnss.c:53:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nssdir, sql);
data/libreswan-3.32/lib/libswan/lswnss.c:54:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nssdir, configdir);
data/libreswan-3.32/lib/libswan/proposals.c:565:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(parser->error, sizeof(parser->error), fmt, ap);
data/libreswan-3.32/lib/libswan/ttodata.c:341:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(errp, pre);
data/libreswan-3.32/lib/libswan/ttodata.c:357:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(errp, buf);
data/libreswan-3.32/lib/libswan/ttodata.c:358:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(errp, suf);
data/libreswan-3.32/lib/libswan/ultot.c:81:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, p);
data/libreswan-3.32/lib/libswan/v2_proposals.c:368:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(error, parser->error); \
data/libreswan-3.32/lib/libswan/v2_proposals.c:403:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(parser->error, error);
data/libreswan-3.32/lib/libwhack/whacklib.c:58:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)wp->str_next, s);
data/libreswan-3.32/lib/libwhack/whacklib.c:278:17: [4] (misc) getpass:
This function is obsolete and not portable. It was in SUSv2 but removed by
POSIX.2. What it does exactly varies considerably between systems,
particularly in where its prompt is displayed and where it gets its data
(e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
exactly what you want. If you continue to use it, or write your own, be
sure to zero the password as soon as possible to avoid leaving the
cleartext password visible in the process' address space.
char *secret = getpass("Enter passphrase: ");
data/libreswan-3.32/linux/include/klips-crypto/des.h:255:7: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
char *crypt();
data/libreswan-3.32/linux/include/libreswan/pfkey_debug.h:50:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf("pfkey_lib_debug:" args); \
data/libreswan-3.32/linux/include/lswcdefs.h:23:48: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n + 1)))
data/libreswan-3.32/linux/include/ocf-compat.h:94:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((_sc)->_device.nameunit, sizeof((_sc)->_device.name), \
data/libreswan-3.32/linux/include/ocf-compat.h:164:8: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#undef printf
data/libreswan-3.32/linux/include/ocf-compat.h:165:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf(fmt ...) printk(fmt)
data/libreswan-3.32/linux/include/ocf-compat.h:177:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(current->comm, str);
data/libreswan-3.32/linux/include/ocf-compat.h:357:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(t.task->comm, sizeof(t.task->comm), fmt); \
data/libreswan-3.32/linux/net/ipsec/addrtoa.c:64:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, buf);
data/libreswan-3.32/linux/net/ipsec/addrtot.c:122:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, p);
data/libreswan-3.32/linux/net/ipsec/addrtot.c:183:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, p); /* clang 6.0.0 mistakenly thinks p is undefined */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:411:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(in, r->input);
data/libreswan-3.32/linux/net/ipsec/datatot.c:109:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, prefix);
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:977:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(name, IFNAMSIZ, MAST_DEV_FORMAT, vifnum);
data/libreswan-3.32/linux/net/ipsec/ipsec_snprintf.c:79:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
i = vsnprintf(buf, possize, fmt, args);
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:2146:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(name, IPSEC_DEV_FORMAT, ifnum);
data/libreswan-3.32/linux/net/ipsec/satot.c:94:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, (addrtypeof(&sa->dst) == AF_INET) ?
data/libreswan-3.32/linux/net/ipsec/satot.c:129:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, p);
data/libreswan-3.32/linux/net/ipsec/satot.c:135:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, pre);
data/libreswan-3.32/linux/net/ipsec/satot.c:153:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, buf);
data/libreswan-3.32/linux/net/ipsec/ultot.c:78:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, p);
data/libreswan-3.32/programs/addconn/addconn.c:97:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
LSW_SECCOMP_ADD(ctx, access);
data/libreswan-3.32/programs/addconn/addconn.c:360:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(configfile, confdir); /* safe: see allocation above */
data/libreswan-3.32/programs/algparse/algparse.c:78:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/libreswan-3.32/programs/algparse/algparse.c:89:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/libreswan-3.32/programs/algparse/algparse.c:110:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/libreswan-3.32/programs/cavp/cavp.c:44:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(I"Run CAVP/ACVP tests as specified either in a file or from the\n");
data/libreswan-3.32/programs/cavp/cavp.c:45:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(I"command line:\n");
data/libreswan-3.32/programs/cavp/cavp.c:47:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II""OPT, "fips", "force FIPS mode; must be the first option");
data/libreswan-3.32/programs/cavp/cavp.c:48:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II""IOPT"by default NSS determines FIPS mode\n");
data/libreswan-3.32/programs/cavp/cavp.c:49:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II""OPT, "json", "output each test result as a json record");
data/libreswan-3.32/programs/cavp/cavp.c:50:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II""OPT, "v", "verbose output");
data/libreswan-3.32/programs/cavp/cavp.c:51:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II"-h, -help, -?\n"II""IOPT"Print this help message\n");
data/libreswan-3.32/programs/cavp/cavp.c:57:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(I"Run <test> using test vectors from <test-file> ('-' for stdin).\n");
data/libreswan-3.32/programs/cavp/cavp.c:58:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(I"If -<test> is omitted then the <test> is determined by pattern\n");
data/libreswan-3.32/programs/cavp/cavp.c:59:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(I"matching the <test-file> header:\n");
data/libreswan-3.32/programs/cavp/cavp.c:62:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II""OPT, (*cavpp)->alias, (*cavpp)->description);
data/libreswan-3.32/programs/cavp/cavp.c:64:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II""IOPT"Match: %s\n", *matchp);
data/libreswan-3.32/programs/cavp/cavp.c:72:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(I"Run <test> using <acvp-key>-<acvp-value> pairs specified on the\n");
data/libreswan-3.32/programs/cavp/cavp.c:73:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(I"command line:\n");
data/libreswan-3.32/programs/cavp/cavp.c:76:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(II""OPT, (*cavpp)->alias, (*cavpp)->description);
data/libreswan-3.32/programs/cavp/cavp.c:84:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(III"-"ACVP_PRF_OPTION" ");
data/libreswan-3.32/programs/cavp/cavp.c:98:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(III"-"ACVP_DKM_OPTION" <length-in-bits>\n");
data/libreswan-3.32/programs/cavp/cavp.c:106:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(III"-%s <%s>\n", entry->opt, entry->key);
data/libreswan-3.32/programs/cavp/cavp.c:110:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(III"Not supported\n");
data/libreswan-3.32/programs/eroute/eroute.c:453:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(b, room, combine_fmt,
data/libreswan-3.32/programs/eroute/eroute.c:515:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system("cat /proc/net/ipsec_eroute");
data/libreswan-3.32/programs/klipsdebug/klipsdebug.c:292:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(program_name, room, combine_fmt,
data/libreswan-3.32/programs/klipsdebug/klipsdebug.c:306:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int ret = system("cat /proc/net/ipsec_klipsdebug");
data/libreswan-3.32/programs/pf_key/pf_key.c:197:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(out,
data/libreswan-3.32/programs/pluto/connections.c:2066:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, POLICY_PRIO_BUF, "%" PRIu32 ",%" PRIu32,
data/libreswan-3.32/programs/pluto/connections.c:3874:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sapriostr, sizeof(sapriostr), "%#" PRIx32, c->sa_priority);
data/libreswan-3.32/programs/pluto/connections.c:3899:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(markstr, sizeof(markstr), "%" PRIu32 "/%#08" PRIx32 ", %" PRIu32 "/%#08" PRIx32,
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:1055:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
cp = crypt(password, passwdhash);
data/libreswan-3.32/programs/pluto/kernel.c:697:13: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE *f = popen(cmd, "r");
data/libreswan-3.32/programs/pluto/kernel.c:711:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(cmd);
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:566:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = snprintf(if_name, IFNAMSIZ, XFRMI_DEV_FORMAT, if_id);
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:758:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(if_name, sizeof(if_name), XFRMI_DEV_FORMAT, IPSEC1_XFRM_IF_ID); /* first one ipsec1 */
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:779:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(if_name, sizeof(if_name), XFRMI_DEV_FORMAT, IPSEC1_XFRM_IF_ID); /* gloabl ipsec1 */
data/libreswan-3.32/programs/pluto/nss_crl_import.c:93:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(crl_path_space + n, crl_name);
data/libreswan-3.32/programs/pluto/packet.c:1922:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pre, label);
data/libreswan-3.32/programs/pluto/peerlog.c:139:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, W_OK) == 0) {
data/libreswan-3.32/programs/pluto/pluto_seccomp.c:63:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
LSW_SECCOMP_ADD(ctx, access);
data/libreswan-3.32/programs/pluto/plutomain.c:644:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&line[lw], chunk);
data/libreswan-3.32/programs/pluto/plutomain.c:1374:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(cfg->setup.strings[KSF_STATSBINARY], X_OK) == 0) {
data/libreswan-3.32/programs/pluto/retry.c:97:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(story, sizeof(story), try_limit == 0 ?
data/libreswan-3.32/programs/pluto/retry.c:212:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(story, sizeof(story), try_limit == 0 ?
data/libreswan-3.32/programs/pluto/server.c:1453:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addconn_path_space + n, addconn_name);
data/libreswan-3.32/programs/pluto/server.c:1455:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(addconn_path_space, X_OK) < 0)
data/libreswan-3.32/programs/pluto/show.c:313:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(buf) == -1) {
data/libreswan-3.32/programs/pluto/virtual.c:457:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(all, sep); /* safe: see allocation above */
data/libreswan-3.32/programs/pluto/virtual.c:458:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(all, sn); /* safe: see allocation above */
data/libreswan-3.32/programs/readwriteconf/readwriteconf.c:130:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(configfile, confdir); /* safe: see allocation above */
data/libreswan-3.32/programs/spi/spi.c:382:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf, "%d %d %d %d %d %d %s",
data/libreswan-3.32/programs/spi/spi.c:666:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(progname, room, combine_fmt,
data/libreswan-3.32/programs/spi/spi.c:1161:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system("cat /proc/net/ipsec_spi");
data/libreswan-3.32/programs/spigrp/spigrp.c:136:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(b, room, combine_fmt,
data/libreswan-3.32/programs/spigrp/spigrp.c:163:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system("cat /proc/net/ipsec_spigrp");
data/libreswan-3.32/programs/tncfg/tncfg.c:249:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(b, room, combine_fmt,
data/libreswan-3.32/programs/tncfg/tncfg.c:269:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system("cat /proc/net/ipsec_tncfg");
data/libreswan-3.32/programs/whack/whack.c:2639:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(ctl_addr.sun_path, R_OK | W_OK) < 0) {
data/libreswan-3.32/testing/check/enum/enumcheck.c:58:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "jam_enum %d: ", i);
data/libreswan-3.32/testing/check/enum/enumcheck.c:70:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "search %s: ", name);
data/libreswan-3.32/testing/check/enum/enumcheck.c:80:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "match %s: ", name);
data/libreswan-3.32/testing/check/enum/enumcheck.c:94:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "match "PRI_SHUNK" [trunc]: ",
data/libreswan-3.32/testing/check/enum/enumcheck.c:105:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "short_name %d: ", i);
data/libreswan-3.32/testing/check/enum/enumcheck.c:115:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "jam_enum_short %d: ", i);
data/libreswan-3.32/testing/check/enum/enumcheck.c:132:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "match %s [short]: ", short_name);
data/libreswan-3.32/testing/check/enum/enumcheck.c:144:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "match %s [short+trunc]: ", trunc_short_name);
data/libreswan-3.32/testing/check/enum/enumcheck.c:195:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "enum_enum_table %lu: ", table);
data/libreswan-3.32/testing/check/enum/enumcheck.c:203:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "enum_enum_name %lu %lu: ", table, val);
data/libreswan-3.32/testing/check/enum/enumcheck.c:211:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "enum_name table %lu: ", val);
data/libreswan-3.32/testing/check/enum/enumcheck.c:221:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "jam_enum_enum %lu %lu: ", table, val);
data/libreswan-3.32/testing/check/enum/enumcheck.c:238:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PREFIX "jam_enum_enum_short %lu %lu: ", table, val);
data/libreswan-3.32/testing/check/enum/enumcheck.c:260:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PRI_SHUNK, pri_shunk(jambuf_as_shunk(&buf)));
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:40:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FMT,##__VA_ARGS__); \
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:147:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, FMT,##__VA_ARGS__); \
data/libreswan-3.32/contrib/c-swan/is_encrypted.c:44:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, "", long_options, &option_index);
data/libreswan-3.32/contrib/ldsaref/saref.c:31:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
str = getenv("IPSEC_SAREF");
data/libreswan-3.32/programs/addconn/addconn.c:239:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) {
data/libreswan-3.32/programs/eroute/eroute.c:166:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv,
data/libreswan-3.32/programs/klipsdebug/klipsdebug.c:127:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "" /*"s:c:anhvl:+:d"*/,
data/libreswan-3.32/programs/pf_key/pf_key.c:350:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "hd:e:f:",
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1487:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *padstr = getenv("PLUTO_UNALIGNED_R1_MSG");
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1748:25: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *padstr = getenv("PLUTO_UNALIGNED_I2_MSG");
data/libreswan-3.32/programs/pluto/pluto_crypt.c:712:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
envdelay = getenv("PLUTO_CRYPTO_HELPER_DELAY");
data/libreswan-3.32/programs/pluto/plutomain.c:747:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "", long_opts, &longindex);
data/libreswan-3.32/programs/readwriteconf/readwriteconf.c:74:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "", longopts, 0)) != EOF) {
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:147:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF)
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:223:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/libreswan-3.32/programs/showhostkey/showhostkey.c:353:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) {
data/libreswan-3.32/programs/spi/spi.c:587:14: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv,
data/libreswan-3.32/programs/whack/whack.c:1012:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "", long_opts, &long_index)
data/libreswan-3.32/testing/cert_verify/verify.c:263:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "u:d:e:pn:s:coSPr")) != -1) {
data/libreswan-3.32/contrib/c-swan/is_encrypted.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source_ip[IPLEN + 1], dest_ip[IPLEN + 1];
data/libreswan-3.32/contrib/c-swan/is_encrypted.c:59:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/libreswan-3.32/contrib/c-swan/swan.c:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[8];
data/libreswan-3.32/contrib/c-swan/swan.c:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *params[8];
data/libreswan-3.32/contrib/c-swan/swan.c:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[128];
data/libreswan-3.32/contrib/c-swan/swan.c:187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[128];
data/libreswan-3.32/contrib/c-swan/swan.c:188:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[128];
data/libreswan-3.32/contrib/c-swan/swan.c:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char priority[128];
data/libreswan-3.32/contrib/c-swan/swan.c:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proto[128];
data/libreswan-3.32/contrib/c-swan/swan.c:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reqid[128];
data/libreswan-3.32/contrib/c-swan/swan.c:202:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int prio = atoi(parsed.priority);
data/libreswan-3.32/contrib/c-swan/swan.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[16];
data/libreswan-3.32/contrib/c-swan/swan.c:267:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port_str, "%d", port);
data/libreswan-3.32/contrib/cisco-decrypt/cisco-decrypt.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ht[20], h2[20], h3[20], key[24];
data/libreswan-3.32/contrib/cisco-decrypt/cisco-decrypt.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ht, h1, 20);
data/libreswan-3.32/contrib/cisco-decrypt/cisco-decrypt.c:105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, h2, 20);
data/libreswan-3.32/contrib/cisco-decrypt/cisco-decrypt.c:106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key + 20, h3, 4);
data/libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c:62:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srv_sock_port = atoi(argv[1]);
data/libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&srv_sock_addr.sin6_addr, &in6addr_any,
data/libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cli_sock_addr_str[INET6_ADDRSTRLEN + 1];
data/libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[RECV_BUF_LEN + 1];
data/libreswan-3.32/contrib/lucent/UDP501encap.c:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUFSIZE];
data/libreswan-3.32/contrib/lucent/UDP501encap.c:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPayload,
data/libreswan-3.32/contrib/lucent/UDP501encap.c:130:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, org, ip_header_len);
data/libreswan-3.32/contrib/lucent/UDP501encap.c:154:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, org, ip_len);
data/libreswan-3.32/include/chunk.h:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DST, hunk_.ptr, SIZE); \
data/libreswan-3.32/include/constants.h:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[(sizeof(unsigned long) * 241 + 99) / 100 + sizeof("??")];
data/libreswan-3.32/include/deltatime.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("-18446744073709551615.1000000")+1/*canary*/]; /* true length ???? */
data/libreswan-3.32/include/id.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/libreswan-3.32/include/ip_address.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[(4+1)*8/*0000:...*/ + 1/*\0*/ + 1/*CANARY*/];
data/libreswan-3.32/include/ip_address.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("4.0.0.0.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.1.0.0.0.IP6.ARPA.") + 1];
data/libreswan-3.32/include/ip_endpoint.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1/*[*/ + sizeof(address_buf) + 1/*]*/ + 5/*:65535*/];
data/libreswan-3.32/include/ip_range.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(address_buf) + 1/*"-"*/ + sizeof(address_buf)];
data/libreswan-3.32/include/ip_said.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5 + ULTOT_BUF + 1 + sizeof(address_buf)];
data/libreswan-3.32/include/ip_subnet.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(address_buf) + 4/*/NNN*/ + 6/*:65535*/];
data/libreswan-3.32/include/ipsecconf/confread.h:48:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char *ksf[KEY_STRINGS_ROOF];
data/libreswan-3.32/include/ipsecconf/parser-controls.h:23:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char rootdir[PATH_MAX]; /* when evaluating paths, prefix this to them */
data/libreswan-3.32/include/ipsecconf/parser-controls.h:24:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char rootdir2[PATH_MAX]; /* when evaluating paths, alternatively prefix this to them */
data/libreswan-3.32/include/klips-crypto/des.h:88:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char des_cblock[8];
data/libreswan-3.32/include/lex.h:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_TOK_LEN + 1]; /* note: one extra char for our use (jamming '"') */
data/libreswan-3.32/include/libreswan/ipsec_md5h.h:30:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /* input buffer */
data/libreswan-3.32/include/libreswan/ipsec_sa.h:254:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ips_track[IPSEC_REFSA + 1];
data/libreswan-3.32/include/libreswan/ipsec_sha1.h:27:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void SHA1Final(unsigned char digest[SHA1_DIGEST_SIZE], void *context);
data/libreswan-3.32/include/libreswan/ipsec_tunnel.h:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfu_name[12];
data/libreswan-3.32/include/libreswan/ipsec_xform.h:128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/libreswan-3.32/include/libreswan/ipsec_xform.h:137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/libreswan-3.32/include/lswlog.h:414:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
for (char lswbuf[LOG_WIDTH], \
data/libreswan-3.32/include/lswnss.h:37:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char lsw_nss_buf_t[100];
data/libreswan-3.32/include/monotime.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("-18446744073709551615.1000000")+1/*canary*/]; /* true length ???? */
data/libreswan-3.32/include/netlink_attrib.h:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[NETLINK_REQ_DATA_SIZE];
data/libreswan-3.32/include/proposals.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[200];
data/libreswan-3.32/include/realtime.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof("--- -- --:--:-- UTC ----")+1/*canary*/];
data/libreswan-3.32/include/secrets.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyid[KEYID_BUF]; /* see ipsec_keyblobtoid(3) */
data/libreswan-3.32/include/secrets.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyid[KEYID_BUF];
data/libreswan-3.32/include/whack.h:397:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char string[4096];
data/libreswan-3.32/include/x509.h:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512/*includes NUL and SENTINEL*/];
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isrbuf[1024];
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abuf[NI_MAXHOST * 2 + 2];
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp1[NI_MAXHOST], tmp2[NI_MAXHOST];
data/libreswan-3.32/lib/libbsdpfkey/pfkey.c:209:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ipsup, sup, properlen);
data/libreswan-3.32/lib/libbsdpfkey/pfkey.c:312:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(alg0, alg, sizeof(*alg0));
data/libreswan-3.32/lib/libbsdpfkey/pfkey.c:493:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &spirange, sizeof(spirange));
data/libreswan-3.32/lib/libbsdpfkey/pfkey.c:1573:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, policy, policylen);
data/libreswan-3.32/lib/libbsdpfkey/pfkey.c:1625:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &xpl, sizeof(xpl));
data/libreswan-3.32/lib/libbsdpfkey/pfkey.c:2073:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1, saddr, saddr->sa_len);
data/libreswan-3.32/lib/libbsdpfkey/pfkey.c:2102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1, key, keylen);
data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c:366:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[NI_MAXSERV];
data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c:507:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[NI_MAXHOST];
data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c:527:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefbuf[128];
data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c:529:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portbuf[128];
data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c:598:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/libreswan-3.32/lib/libbsdpfkey/pfkey_dump.c:605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, t0 + 4, 20);
data/libreswan-3.32/lib/libbsdpfkey/test-policy.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getbuf[1024];
data/libreswan-3.32/lib/libbsdpfkey/test-policy.c:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(getbuf, policy, sizeof(struct sadb_x_policy));
data/libreswan-3.32/lib/libcrypto/libserpent/test_main.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf0[SIZE + 1], buf1[SIZE + 1];
data/libreswan-3.32/lib/libcrypto/libserpent/test_main.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IV[BLOCK_SIZE];
data/libreswan-3.32/lib/libcrypto/libtwofish/test_main.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf0[SIZE + 1], buf1[SIZE + 1];
data/libreswan-3.32/lib/libcrypto/libtwofish/test_main.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char IV[BLOCK_SIZE];
data/libreswan-3.32/lib/libipsecconf/confread.c:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_err[512];
data/libreswan-3.32/lib/libipsecconf/confread.c:228:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nerr, perrl->errors, ol);
data/libreswan-3.32/lib/libipsecconf/confread.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nerr[ol + 1], tmp_err, al + 1);
data/libreswan-3.32/lib/libipsecconf/confread.c:809:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_err[512];
data/libreswan-3.32/lib/libipsecconf/confread.c:869:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_err[512];
data/libreswan-3.32/lib/libipsecconf/confread.c:915:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n, s, old_len);
data/libreswan-3.32/lib/libipsecconf/confread.c:917:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n + old_len + 1, kw->string, new_len + 1); /* includes '\0' */
data/libreswan-3.32/lib/libipsecconf/confread.c:929:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_err[512];
data/libreswan-3.32/lib/libipsecconf/confread.c:977:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_err[512];
data/libreswan-3.32/lib/libipsecconf/confread.c:1160:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ra, alsos, alsosize * sizeof(char *));
data/libreswan-3.32/lib/libipsecconf/confread.c:1164:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ra + alsosize, newalsos,
data/libreswan-3.32/lib/libipsecconf/confwrite.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portstr[32] = "%any";
data/libreswan-3.32/lib/libipsecconf/confwrite.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protostr[32] = "%any";
data/libreswan-3.32/lib/libipsecconf/confwrite.c:471:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const noyes[2 /*bool*/] = {"no", "yes"};
data/libreswan-3.32/lib/libipsecconf/keywords.c:759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char complaintbuf[80];
data/libreswan-3.32/lib/libipsecconf/starterlog.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[BUFF_SIZE];
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauthusername[MAX_XAUTH_USERNAME_LEN],
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauthpass[XAUTH_MAX_PASS_LENGTH],
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4097]; /* arbitrary limit on log line length */
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauthusername[MAX_XAUTH_USERNAME_LEN];
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauthpass[XAUTH_MAX_PASS_LENGTH];
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:302:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_buf[TTODATAV_BUF];
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyspace[1024 + 4];
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpconnname[256];
data/libreswan-3.32/lib/libswan/DBG_dump.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4 * (1 + 4 * 3) + 1];
data/libreswan-3.32/lib/libswan/addr_lookup.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *interface,
data/libreswan-3.32/lib/libswan/addr_lookup.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer[ADDRTOT_BUF], /* result, if any */
data/libreswan-3.32/lib/libswan/addr_lookup.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_interface[IF_NAMESIZE+1];
data/libreswan-3.32/lib/libswan/addr_lookup.c:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_source[ADDRTOT_BUF];
data/libreswan-3.32/lib/libswan/addr_lookup.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_gateway[ADDRTOT_BUF];
data/libreswan-3.32/lib/libswan/addr_lookup.c:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_destination[ADDRTOT_BUF];
data/libreswan-3.32/lib/libswan/addrtot.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + ADDRTOT_BUF + 1]; /* :address: */
data/libreswan-3.32/lib/libswan/addrtot.c:85:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, p, dstlen - 1);
data/libreswan-3.32/lib/libswan/addrtot.c:221:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "IN-ADDR.ARPA.");
data/libreswan-3.32/lib/libswan/addrtot.c:252:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "IP6.ARPA.");
data/libreswan-3.32/lib/libswan/alloc.c:224:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, orig, size);
data/libreswan-3.32/lib/libswan/asn1.c:168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_val->ptr,blob->ptr,len_r);
data/libreswan-3.32/lib/libswan/asn1.c:188:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig_val->ptr+len_r,blob->ptr,len_s);
data/libreswan-3.32/lib/libswan/base64_pubkey.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, exponent.ptr, exponent.len);
data/libreswan-3.32/lib/libswan/base64_pubkey.c:58:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, modulus.ptr, modulus.len);
data/libreswan-3.32/lib/libswan/base64_pubkey.c:229:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ecdsa->keyid, pubkey->ptr, KEYID_BUF-1);
data/libreswan-3.32/lib/libswan/chunk.c:54:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cat.ptr, lhs.ptr, lhs.len);
data/libreswan-3.32/lib/libswan/chunk.c:55:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cat.ptr + lhs.len, rhs.ptr, rhs.len);
data/libreswan-3.32/lib/libswan/chunk.c:67:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(string, chunk.ptr, chunk.len);
data/libreswan-3.32/lib/libswan/chunk.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3] = { pos[0], pos[1], '\0' };
data/libreswan-3.32/lib/libswan/ckaid.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char n[2] = { *p, };
data/libreswan-3.32/lib/libswan/constants.c:69:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, src, copy_len);
data/libreswan-3.32/lib/libswan/datatot.c:39:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inblock[10]; /* enough for any format */
data/libreswan-3.32/lib/libswan/datatot.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outblock[10]; /* enough for any format */
data/libreswan-3.32/lib/libswan/datatot.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake[1]; /* fake output area for dstlen == 0 */
data/libreswan-3.32/lib/libswan/datatot.c:123:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inblock, src, ntodo);
data/libreswan-3.32/lib/libswan/datatot.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, out, stop - dst);
data/libreswan-3.32/lib/libswan/debug.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *name[DBG_roof_IX - DBG_floor_IX];
data/libreswan-3.32/lib/libswan/debug.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *help[DBG_roof_IX - DBG_floor_IX];
data/libreswan-3.32/lib/libswan/diag.c:44:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mydiag_space[LOG_WIDTH];
data/libreswan-3.32/lib/libswan/diag.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[sizeof(mydiag_space)]; /* build result here first */
data/libreswan-3.32/lib/libswan/ike_alg.c:106:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *names[IKE_ALG_KEY_ROOF] = {
data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_ecp_ops.c:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pk11_param->data + 2, pk11_data->oid.data, pk11_data->oid.len);
data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_ecp_ops.c:108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ke, (*pubk)->u.ec.publicValue.data, group->bytes);
data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_ecp_ops.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ke, (*pubk)->u.ec.publicValue.data + 1, group->bytes);
data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_ecp_ops.c:154:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(remote_pubk.u.ec.publicValue.data, remote_ke, sizeof_remote_ke);
data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_ecp_ops.c:160:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(remote_pubk.u.ec.publicValue.data + 1, remote_ke, sizeof_remote_ke);
data/libreswan-3.32/lib/libswan/ike_alg_dh_nss_modp_ops.c:83:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ke, (*pubk)->u.dh.publicValue.data, group->bytes);
data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_aead_ops.c:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text_and_tag, out_buf, out_len);
data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_cbc_ops.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, new_iv, alg->enc_blocksize);
data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_cbc_ops.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in_buf, out_buf, in_buf_len);
data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_ctr_ops.c:77:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, out_buf, buf_len);
data/libreswan-3.32/lib/libswan/ike_alg_encrypt_nss_gcm_ops.c:117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text_and_tag, out_buf, out_len);
data/libreswan-3.32/lib/libswan/ike_alg_prf_ikev1_nss_ops.c:215:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, SPI.ptr, SPI.len);
data/libreswan-3.32/lib/libswan/ike_alg_prf_ikev1_nss_ops.c:217:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, Ni_b.ptr, Ni_b.len);
data/libreswan-3.32/lib/libswan/ike_alg_prf_ikev1_nss_ops.c:219:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, Nr_b.ptr, Nr_b.len);
data/libreswan-3.32/lib/libswan/ike_alg_prf_mac_hmac_ops.c:97:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static /*const*/ unsigned char z[MAX_HMAC_BLOCKSIZE] = { 0 };
data/libreswan-3.32/lib/libswan/ike_alg_prf_mac_hmac_ops.c:105:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ip[MAX_HMAC_BLOCKSIZE];
data/libreswan-3.32/lib/libswan/ike_alg_prf_mac_hmac_ops.c:144:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char op[MAX_HMAC_BLOCKSIZE];
data/libreswan-3.32/lib/libswan/ike_alg_prf_mac_xcbc_ops.c:277:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes, mac.ptr, sizeof_bytes);
data/libreswan-3.32/lib/libswan/ike_alg_serpent.c:62:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv_bak, new_iv, SERPENT_CBC_BLOCK_SIZE);
data/libreswan-3.32/lib/libswan/ike_alg_serpent.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, new_iv, SERPENT_CBC_BLOCK_SIZE);
data/libreswan-3.32/lib/libswan/ike_alg_twofish.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv_bak[TWOFISH_CBC_BLOCK_SIZE];
data/libreswan-3.32/lib/libswan/ike_alg_twofish.c:60:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_iv = iv_bak,
data/libreswan-3.32/lib/libswan/ike_alg_twofish.c:70:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iv, new_iv, TWOFISH_CBC_BLOCK_SIZE);
data/libreswan-3.32/lib/libswan/impair.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *name[IMPAIR_roof_IX - IMPAIR_floor_IX];
data/libreswan-3.32/lib/libswan/impair.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *help[IMPAIR_roof_IX - IMPAIR_floor_IX];
data/libreswan-3.32/lib/libswan/initaddr.c:41:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&in, data, sizeof_data);
data/libreswan-3.32/lib/libswan/initaddr.c:49:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&in6, data, sizeof_data);
data/libreswan-3.32/lib/libswan/ip_address.c:31:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address.bytes, bytes.ptr, bytes.len);
data/libreswan-3.32/lib/libswan/ip_address.c:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u, s.ptr, s.len);
data/libreswan-3.32/lib/libswan/ip_address.c:112:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char seps[2] = { sepc == 0 ? '.' : sepc, 0, };
data/libreswan-3.32/lib/libswan/ip_address.c:124:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char seps[2] = { sepc == 0 ? ':' : sepc, 0, };
data/libreswan-3.32/lib/libswan/ip_endpoint.c:304:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_addr.ptr, src_addr.ptr, src_addr.len);
data/libreswan-3.32/lib/libswan/ip_said.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10 + 1 + ULTOT_BUF + ADDRTOT_BUF];
data/libreswan-3.32/lib/libswan/ip_said.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intunk[10];
data/libreswan-3.32/lib/libswan/ip_said.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[SATOT_BUF];
data/libreswan-3.32/lib/libswan/jambuf.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, buf->dots, strlen(buf->dots) + 1);
data/libreswan-3.32/lib/libswan/jambuf.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d.cursor, string, n);
data/libreswan-3.32/lib/libswan/jambuf.c:164:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d.cursor, string, d.size - 1);
data/libreswan-3.32/lib/libswan/kernel_xfrm_reply.c:72:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, *pbuf, msglen);
data/libreswan-3.32/lib/libswan/keyblobtoid.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[KEYID_BUF];
data/libreswan-3.32/lib/libswan/keyblobtoid.c:36:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "?len= ?");
data/libreswan-3.32/lib/libswan/keyblobtoid.c:65:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[KEYID_BUF]; /* ample room */
data/libreswan-3.32/lib/libswan/keyblobtoid.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, e, n);
data/libreswan-3.32/lib/libswan/keyblobtoid.c:96:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, m, n);
data/libreswan-3.32/lib/libswan/keyblobtoid.c:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/libreswan-3.32/lib/libswan/lex.c:46:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(name, "r");
data/libreswan-3.32/lib/libswan/lset.c:29:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bitnamesbuf[8192]; /* I hope that it is big enough! */
data/libreswan-3.32/lib/libswan/lswconf.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX];
data/libreswan-3.32/lib/libswan/lswconf.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selinux_flag[1];
data/libreswan-3.32/lib/libswan/lswconf.c:183:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fd = fopen("/sys/fs/selinux/enforce", "r");
data/libreswan-3.32/lib/libswan/lswconf.c:187:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen("/selinux/enforce", "r");
data/libreswan-3.32/lib/libswan/netlink_attrib.c:47:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(rta), data, alen);
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_txt[ADDRTOT_BUF + 6 /*extra for port number*/];
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:513:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)pfkey_address + sizeof(struct sadb_address),
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:587:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)pfkey_key + sizeof(struct sadb_key),
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:667:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)pfkey_ident + sizeof(struct sadb_ident),
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:801:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(combp, &(comb[i]), sizeof(struct sadb_comb));
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pfkey_alg, &(alg[i]), sizeof(struct sadb_alg));
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:1402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pfkey_msg,
data/libreswan-3.32/lib/libswan/pfkey_v2_build.c:1440:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pfkey_ext,
data/libreswan-3.32/lib/libswan/pfkey_v2_debug.c:81:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *pfkey_sadb_type_strings[K_SADB_MAX + 1] = {
data/libreswan-3.32/lib/libswan/pfkey_v2_parse.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_txt[ADDRTOT_BUF];
data/libreswan-3.32/lib/libswan/secrets.c:672:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RSA_MAX_ENCODING_BYTES]; /*
data/libreswan-3.32/lib/libswan/secrets.c:679:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_space[TTODATAV_BUF];
data/libreswan-3.32/lib/libswan/secrets.c:713:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RSA_MAX_ENCODING_BYTES]; /*
data/libreswan-3.32/lib/libswan/secrets.c:720:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_space[TTODATAV_BUF];
data/libreswan-3.32/lib/libswan/secrets.c:770:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RSA_MAX_ENCODING_BYTES]; /*
data/libreswan-3.32/lib/libswan/secrets.c:777:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_space[TTODATAV_BUF];
data/libreswan-3.32/lib/libswan/secrets.c:854:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bv[RSA_MAX_ENCODING_BYTES];
data/libreswan-3.32/lib/libswan/secrets.c:856:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char diag_space[TTODATAV_BUF];
data/libreswan-3.32/lib/libswan/secrets.c:1044:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[MAX_TOK_LEN]; /*
data/libreswan-3.32/lib/libswan/secrets.c:1072:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fn, flp->filename, pl);
data/libreswan-3.32/lib/libswan/secrets.c:1087:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, flp->tok, flp->cur - flp->tok + 1);
data/libreswan-3.32/lib/libswan/secrets.c:1487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyid[KEYID_BUF];
data/libreswan-3.32/lib/libswan/secrets.c:1504:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keyid, nsspk->u.ec.publicValue.data, KEYID_BUF-1);
data/libreswan-3.32/lib/libswan/secrets.c:1670:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyid[KEYID_BUF];
data/libreswan-3.32/lib/libswan/secrets.c:1672:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keyid, pubk->u.ec.publicValue.data, KEYID_BUF-1);
data/libreswan-3.32/lib/libswan/shunk.c:181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64] = ""; /* NUL fill */
data/libreswan-3.32/lib/libswan/ttoaddr.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[100]; /* enough for most DNS names */
data/libreswan-3.32/lib/libswan/ttodata.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4]; /* output from conversion */
data/libreswan-3.32/lib/libswan/ttodata.c:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stage[4]; /* staging area for group */
data/libreswan-3.32/lib/libswan/ttodata.c:330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/libreswan-3.32/lib/libswan/ttodata.c:334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bigenough[TTODATAV_BUF - REQD]; /* see above */
data/libreswan-3.32/lib/libswan/ttodata.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libreswan-3.32/lib/libswan/ttodata.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/libreswan-3.32/lib/libswan/ttodata.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err[512];
data/libreswan-3.32/lib/libswan/ttodata.c:645:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/libreswan-3.32/lib/libswan/ttodata.c:712:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "---");
data/libreswan-3.32/lib/libswan/ttoprotoport.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proto_name[16];
data/libreswan-3.32/lib/libswan/ttoprotoport.c:58:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(proto_name, src, proto_len);
data/libreswan-3.32/lib/libswan/ultot.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3 * sizeof(unsigned long) + 1];
data/libreswan-3.32/lib/libswan/unbound.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[INET6_ADDRSTRLEN];
data/libreswan-3.32/lib/libswan/v2_proposals.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[sizeof(parser->error)] = "";
data/libreswan-3.32/lib/libswan/x509dn.c:614:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[MAX_BUF][IDTOA_BUF];
data/libreswan-3.32/lib/libswan/x509dn.c:655:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *(patchpoint[5]); /* only 4 are actually needed */
data/libreswan-3.32/lib/libswan/x509dn.c:671:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dn_ptr, (ptr), (len)); \
data/libreswan-3.32/lib/libswan/x509dn.c:681:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char len_buf[ASN1_MAX_LEN_LEN + 1] = { ty }; \
data/libreswan-3.32/lib/libswan/x509dn.c:687:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ppp, len_buf, obj_len.len + 1); \
data/libreswan-3.32/lib/libswan/x509dn.c:783:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[3] = { src[0], src[1], };
data/libreswan-3.32/lib/libswan/x509dn.c:805:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[3] = { src[1], src[2], };
data/libreswan-3.32/lib/libwhack/whacklib.c:154:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wp->str_next, wp->msg->keyval.ptr, wp->msg->keyval.len);
data/libreswan-3.32/lib/libwhack/whacklib.c:283:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, secret, trunc_len);
data/libreswan-3.32/linux/include/cryptodev.h:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32]; /* device/driver name */
data/libreswan-3.32/linux/include/des/podd.h:59:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char odd_parity[256] = {
data/libreswan-3.32/linux/include/ip_address.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char private_buf[ADDRTOT_BUF]; /* defined in libreswan.h */
data/libreswan-3.32/linux/include/klips-crypto/des.h:88:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char des_cblock[8];
data/libreswan-3.32/linux/include/libreswan.h:175:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sbox[256];
data/libreswan-3.32/linux/include/libreswan/ipsec_alg.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ixt_name[16]; /* descriptive short name, eg. "3des" */ \
data/libreswan-3.32/linux/include/libreswan/ipsec_mast.h:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfu_name[12];
data/libreswan-3.32/linux/include/libreswan/ipsec_md5h.h:30:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /* input buffer */
data/libreswan-3.32/linux/include/libreswan/ipsec_rcv.h:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char packet_template[IPSEC_BIRTH_TEMPLATE_MAXLEN];
data/libreswan-3.32/linux/include/libreswan/ipsec_rcv.h:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/include/libreswan/ipsec_rcv.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipsaddr_txt[ADDRTOA_BUF];
data/libreswan-3.32/linux/include/libreswan/ipsec_rcv.h:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipdaddr_txt[ADDRTOA_BUF];
data/libreswan-3.32/linux/include/libreswan/ipsec_sa.h:254:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ips_track[IPSEC_REFSA + 1];
data/libreswan-3.32/linux/include/libreswan/ipsec_sha1.h:27:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void SHA1Final(unsigned char digest[SHA1_DIGEST_SIZE], void *context);
data/libreswan-3.32/linux/include/libreswan/ipsec_tunnel.h:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfu_name[12];
data/libreswan-3.32/linux/include/libreswan/ipsec_xform.h:128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/libreswan-3.32/linux/include/libreswan/ipsec_xform.h:137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/libreswan-3.32/linux/include/libreswan/ipsec_xmit.h:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa_txt[SATOT_BUF];
data/libreswan-3.32/linux/include/ocf-compat.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32]; /* the driver name */
data/libreswan-3.32/linux/include/ocf-compat.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameunit[32]; /* the driver name + HW instance */
data/libreswan-3.32/linux/include/ocf-compat.h:153:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(s, d, l) memcpy(d, s, l)
data/libreswan-3.32/linux/include/ocf-compat.h:153:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(s, d, l) memcpy(d, s, l)
data/libreswan-3.32/linux/include/ocf-compat.h:235:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
({ strncpy(dest, src, (len) - 1); ((char *)dest)[(len) - 1] = '\0'; })
data/libreswan-3.32/linux/include/ocf-compat.h:367:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((t)->comm, "stopping"); \
data/libreswan-3.32/linux/include/zlib/zutil.h:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *z_errmsg[10]; /* indexed by 2-zlib_error */
data/libreswan-3.32/linux/include/zlib/zutil.h:107:2: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/libreswan-3.32/linux/include/zlib/zutil.h:152:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define F_OPEN(name, mode) fopen((name), (mode))
data/libreswan-3.32/linux/include/zlib/zutil.h:183:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define zmemcpy memcpy
data/libreswan-3.32/linux/net/ipsec/addrtoa.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFLEN];
data/libreswan-3.32/linux/net/ipsec/addrtot.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + ADDRTOT_BUF + 1]; /* :address: */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1 + ADDRTOT_BUF + 1]; /* :address: */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:318:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "IN-ADDR.ARPA.");
data/libreswan-3.32/linux/net/ipsec/addrtot.c:349:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "IP6.ARPA.");
data/libreswan-3.32/linux/net/ipsec/addrtot.c:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[100];
data/libreswan-3.32/linux/net/ipsec/addrtot.c:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/libreswan-3.32/linux/net/ipsec/addrtypeof.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, p, ncopy);
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:131:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0]) | \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:132:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((u_int32_t)(((unsigned char *)(x))[1]) << \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:134:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((u_int32_t)(((unsigned char *)(x))[2]) << \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:135:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
16) | ((u_int32_t)(((unsigned char *)(x))[3]) << 24))
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:136:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0 \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:138:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((const u_int32_t)(((const unsigned char *)(x))[ \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:141:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((const u_int32_t)(((const unsigned char *)(x))[ \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:144:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((const u_int32_t)(((const unsigned char *)(x))[ \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:147:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
v) ((unsigned char *)(x))[0] = (v), \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:148:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)(x))[1] = \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:149:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((v) >> 8), ((unsigned char *)(x))[2] = ((v) >> 16), \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:150:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)(x))[3] = ((v) >> 24)
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:152:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
v) ((const unsigned char *)(x))[0] = (v), \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:153:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((const unsigned char *)(x))[1] = ((v) >> 8), \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:154:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((const unsigned char *)(x))[2] = ((v) >> 16), \
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:155:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((const unsigned char *)(x))[3] = ((v) >> 24)
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:212:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char s_box[256] =
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:250:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char inv_s_box[256] =
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:880:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char s_box[256]; // the S box
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:881:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char inv_s_box[256]; // the inverse S box
data/libreswan-3.32/linux/net/ipsec/aes/aes.c:1001:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pow[512], log[256];
data/libreswan-3.32/linux/net/ipsec/aes/ipsec_alg_aes.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash_buf[16];
data/libreswan-3.32/linux/net/ipsec/aes/ipsec_alg_aes.c:162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, hash_buf, hashlen);
data/libreswan-3.32/linux/net/ipsec/datatot.c:35:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inblock[10]; /* enough for any format */
data/libreswan-3.32/linux/net/ipsec/datatot.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outblock[10]; /* enough for any format */
data/libreswan-3.32/linux/net/ipsec/datatot.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fake[1]; /* fake output area for dstlen == 0 */
data/libreswan-3.32/linux/net/ipsec/datatot.c:119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inblock, src, ntodo);
data/libreswan-3.32/linux/net/ipsec/datatot.c:135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, out, stop - dst);
data/libreswan-3.32/linux/net/ipsec/des/des_opts.c:428:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buf[BUFSIZE];
data/libreswan-3.32/linux/net/ipsec/des/des_opts.c:438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str[16];
data/libreswan-3.32/linux/net/ipsec/initaddr.c:63:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&dst->u.v4.sin_addr.s_addr, src, srclen);
data/libreswan-3.32/linux/net/ipsec/initaddr.c:75:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&dst->u.v6.sin6_addr, src, srclen);
data/libreswan-3.32/linux/net/ipsec/ipcomp.c:340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) iph + iphlen + sizeof(struct ipcomphdr),
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:169:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,(caddr_t)&ipo, sizeof(struct iphdr));
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:172:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+len, (caddr_t)ahp, ahhlen - AHHMAC_HASHLEN);
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:175:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+len, (caddr_t)zeroes, AHHMAC_HASHLEN);
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:178:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+len, (caddr_t)skb_transport_header(skb) + ahhlen, skb->len - ahhlen);
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:192:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tctx, irs->ictx, irs->ictx_len);
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:212:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tctx, irs->octx, irs->octx_len);
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN);
data/libreswan-3.32/linux/net/ipsec/ipsec_ah.c:358:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN);
data/libreswan-3.32/linux/net/ipsec/ipsec_alg.c:814:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test_tmp, test_enc, BUFSZ);
data/libreswan-3.32/linux/net/ipsec/ipsec_alg.c:826:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test_dec, test_enc, BUFSZ);
data/libreswan-3.32/linux/net/ipsec/ipsec_alg_cryptoapi.c:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ivp[ivsize];
data/libreswan-3.32/linux/net/ipsec/ipsec_alg_cryptoapi.c:463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ivp, iv, ivsize);
data/libreswan-3.32/linux/net/ipsec/ipsec_alg_cryptoapi.c:766:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash_buf[512];
data/libreswan-3.32/linux/net/ipsec/ipsec_alg_cryptoapi.c:798:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, hash_buf, hashlen);
data/libreswan-3.32/linux/net/ipsec/ipsec_esp.c:186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tctx, irs->ictx, irs->ictx_len);
data/libreswan-3.32/linux/net/ipsec/ipsec_esp.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tctx, irs->octx, irs->octx_len);
data/libreswan-3.32/linux/net/ipsec/ipsec_esp.c:527:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dat[ixs->skb->len - ixs->authlen]), hash,
data/libreswan-3.32/linux/net/ipsec/ipsec_esp.c:544:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(dat[ixs->skb->len - ixs->authlen]), hash,
data/libreswan-3.32/linux/net/ipsec/ipsec_init.c:211:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seed[256];
data/libreswan-3.32/linux/net/ipsec/ipsec_ipcomp.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa2[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr_txt[ADDRTOA_BUF], daddr_txt[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sflow_txt[SUBNETTOA_BUF], dflow_txt[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sflow_txt[SUBNETTOA_BUF], dflow_txt[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr_txt[ADDRTOA_BUF], daddr_txt[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ];
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:994:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(im->name, name, IFNAMSIZ);
data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c:69:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MD5_memcpy memcpy
data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c:73:32: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MD5_memcpy(_a, _b, _c) bcopy((_b), (_a), (_c))
data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c:80:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c:186:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16]; /* message digest */
data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c:190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[8];
data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c:219:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[64];
data/libreswan-3.32/linux/net/ipsec/ipsec_md5c.c:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)output)[i] = (char)value;
data/libreswan-3.32/linux/net/ipsec/ipsec_ocf.c:228:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nskb->head, irs->skb->head, skb_headroom(irs->skb));
data/libreswan-3.32/linux/net/ipsec/ipsec_ocf.c:661:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(irs->hash, irs->authenticator, 12);
data/libreswan-3.32/linux/net/ipsec/ipsec_proc.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_proc.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_s[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_proc.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_d[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_proc.c:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_proc.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:196:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:228:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[sizeof(struct sockaddr_encap) * 2 + 1],
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:237:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b1, "%02x", ea[i]);
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:238:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b2, "%02x", em[i]);
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:291:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retrt->er_ident_s.data, ident_s->data,
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:319:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retrt->er_ident_d.data, ident_d->data,
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[ADDRTOA_BUF], buf2[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:453:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:454:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf3[16];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:477:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1 + buf_len, ":%d", ntohs(key->sen_sport6));
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:489:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2 + buf_len, ":%d", ntohs(key->sen_dport6));
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:499:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf1 + buf_len - 1, ":%d",
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:504:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2 + buf_len - 1, ":%d",
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:512:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf3, ":%d", key->sen_proto);
data/libreswan-3.32/linux/net/ipsec/ipsec_radij.c:543:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[SUBNETTOA_BUF], buf2[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_rcv.c:253:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[32];
data/libreswan-3.32/linux/net/ipsec/ipsec_rcv.c:552:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa2[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_rcv.c:579:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr1[SUBNETTOA_BUF], saddr2[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_rcv.c:749:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sflow_txt[SUBNETTOA_BUF], dflow_txt[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_rcv.c:783:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sflow_txt[SUBNETTOA_BUF], dflow_txt[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_rcv.c:1165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa_saddr_txt[ADDRTOA_BUF] = { 0, };
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:392:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:397:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SUBNETTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:578:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:624:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:980:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:1166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:1170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_txt[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:1171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr2_txt[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_sa.c:1175:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kb[AHMD596_BLKLEN];
data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c:59:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[64];
data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c:64:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char workspace[64];
data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, buffer, 64);
data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c:195:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], data, (i = 64 - j));
data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], &data[i], len - i);
data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c:207:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void SHA1Final(unsigned char digest[SHA1_DIGEST_SIZE], void *vcontext)
data/libreswan-3.32/linux/net/ipsec/ipsec_sha1.c:210:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char finalcount[8];
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tsrc[ADDRTOT_BUF + 1], tdst[ADDRTOT_BUF + 1];
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edst[ADDRTOT_BUF + 1];
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:708:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edst, "0", 2);
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:858:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ixs->ips.ips_ident_s.data,
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:883:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ixs->ips.ips_ident_d.data,
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:1557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realphysname[IFNAMSIZ];
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:2126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:181:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->head + headroom, skb->head, skb->end - skb->head);
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:200:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->proto_priv, skb->proto_priv, sizeof(skb->proto_priv));
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:431:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmp[32];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:966:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ixs->espp->esp_iv,
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1037:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ixs->dat[ixs->len - ixs->authlen]), hash,
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1054:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ixs->dat[ixs->len - ixs->authlen]), hash,
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, (unsigned char *)&ipo,sizeof(struct iphdr));
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+len, (unsigned char*)ahp,ixs->headroom - sizeof(ahp->ah_data));
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+len, (unsigned char *)zeroes, AHHMAC_HASHLEN);
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1143:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+len, ixs->dat + ixs->iphlen + ixs->headroom, ixs->len - ixs->iphlen - ixs->headroom);
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1182:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN);
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1205:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahp->ah_data, hash, AHHMAC_HASHLEN);
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1598:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[64], buf2[64];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1628:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[64], buf2[64];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1757:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufsrc[ADDRTOA_BUF], bufdst[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:1900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bufsrc[ADDRTOA_BUF], bufdst[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:2061:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ixs->sa_txt, "(error)");
data/libreswan-3.32/linux/net/ipsec/ipsec_xmit.c:2510:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ixs->saved_header[0], &ixs->skb->data[0],
data/libreswan-3.32/linux/net/ipsec/pfkey_v2.c:638:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skb_transport_header(skb),
data/libreswan-3.32/linux/net/ipsec/pfkey_v2.c:1026:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)pfkey_reply, (void*)pfkey_msg,
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_txt[ADDRTOT_BUF + 6 /*extra for port number*/];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:513:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)pfkey_address + sizeof(struct sadb_address),
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:587:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)pfkey_key + sizeof(struct sadb_key),
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:667:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)pfkey_ident + sizeof(struct sadb_ident),
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:801:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(combp, &(comb[i]), sizeof(struct sadb_comb));
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:886:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pfkey_alg, &(alg[i]), sizeof(struct sadb_alg));
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:1402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*pfkey_msg,
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_build.c:1440:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pfkey_ext,
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_debug.c:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *pfkey_sadb_type_strings[K_SADB_MAX + 1] = {
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_txt[ADDRTOA_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c:436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*sap, s, saddr_len);
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c:463:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[64], buf2[64];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c:577:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extr->ips->ips_key_a,
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c:596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extr->ips->ips_key_e,
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c:644:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extr->ips->ips_ident_s.data,
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_ext_process.c:666:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extr->ips->ips_ident_d.data,
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parse.c:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_txt[ADDRTOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:898:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:1043:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:1661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa1[SATOT_BUF], sa2[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:1918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[64], buf2[64];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:1942:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/linux/net/ipsec/pfkey_v2_parser.c:2214:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[64], buf2[64];
data/libreswan-3.32/linux/net/ipsec/prng.c:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[256];
data/libreswan-3.32/linux/net/ipsec/satot.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10 + 1 + ULTOT_BUF + ADDRTOT_BUF];
data/libreswan-3.32/linux/net/ipsec/satot.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unk[10];
data/libreswan-3.32/linux/net/ipsec/satot.c:85:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(unk, "unk");
data/libreswan-3.32/linux/net/ipsec/satot.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intunk[10];
data/libreswan-3.32/linux/net/ipsec/trees.c:329:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *header = fopen("trees.h", "w");
data/libreswan-3.32/linux/net/ipsec/ultot.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3 * sizeof(unsigned long) + 1];
data/libreswan-3.32/linux/net/ipsec/zutil.c:18:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *z_errmsg[10] = {
data/libreswan-3.32/programs/_import_crl/_import_crl.c:87:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tlen = len = (size_t) atoi(argv[2]);
data/libreswan-3.32/programs/addconn/addconn.c:126:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LSW_SECCOMP_ADD(ctx, open);
data/libreswan-3.32/programs/addconn/addconn.c:363:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(configfile, "ipsec.conf"); /* safe: see allocation above */
data/libreswan-3.32/programs/cavp/cavp_parser.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[65536] = "";
data/libreswan-3.32/programs/cavp/test_ikev2.c:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(spi_ir.initiator.bytes, spi_i.ptr, spi_i.len);
data/libreswan-3.32/programs/cavp/test_ikev2.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(spi_ir.responder.bytes, spi_r.ptr, spi_r.len);
data/libreswan-3.32/programs/cavp/test_sha.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(MDi_3.ptr, seed.ptr, seed.len);
data/libreswan-3.32/programs/cavp/test_sha.c:141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(MDi_2.ptr, seed.ptr, seed.len);
data/libreswan-3.32/programs/cavp/test_sha.c:142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(MDi_1.ptr, seed.ptr, seed.len);
data/libreswan-3.32/programs/cavp/test_sha.c:151:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Mi.ptr + seed.len * 0, MDi_3.ptr, seed.len);
data/libreswan-3.32/programs/cavp/test_sha.c:152:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Mi.ptr + seed.len * 1, MDi_2.ptr, seed.len);
data/libreswan-3.32/programs/cavp/test_sha.c:153:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Mi.ptr + seed.len * 2, MDi_1.ptr, seed.len);
data/libreswan-3.32/programs/pf_key/pf_key.c:320:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pfkey_buf[256];
data/libreswan-3.32/programs/pf_key/pf_key.c:423:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((pidfile = fopen(pidfilename, "w")) == NULL) {
data/libreswan-3.32/programs/pf_key/pf_key.c:431:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pfkey_sock = open(infilename, O_RDONLY);
data/libreswan-3.32/programs/pluto/addresspool.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &addr_n, sizeof(addr_n));
data/libreswan-3.32/programs/pluto/addresspool.c:463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thatstr[IDTOA_BUF + MAX_XAUTH_USERNAME_LEN];
data/libreswan-3.32/programs/pluto/connections.c:206:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:1835:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topo[CONN_BUF_LEN];
data/libreswan-3.32/programs/pluto/connections.c:1866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[100]; /* presumed large enough */
data/libreswan-3.32/programs/pluto/connections.c:2052:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inst[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:2061:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fmt_policy_prio(policy_prio_t pp, char buf[POLICY_PRIO_BUF])
data/libreswan-3.32/programs/pluto/connections.c:2144:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fmt_conn_instance(const struct connection *c, char buf[CONN_INST_BUF])
data/libreswan-3.32/programs/pluto/connections.c:2144:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *fmt_conn_instance(const struct connection *c, char buf[CONN_INST_BUF])
data/libreswan-3.32/programs/pluto/connections.c:2277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:2305:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instbuf[512];
data/libreswan-3.32/programs/pluto/connections.c:2367:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topo[CONN_BUF_LEN];
data/libreswan-3.32/programs/pluto/connections.c:2368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inst[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:2579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:2741:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:2768:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:2894:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:2895:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b2[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:3020:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:3021:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b2[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:3102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.c:3662:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char topo[CONN_BUF_LEN];
data/libreswan-3.32/programs/pluto/connections.c:3757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifnstr[2 * IFNAMSIZ + 2]; /* id_rname@id_vname\0 */
data/libreswan-3.32/programs/pluto/connections.c:3758:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instance[32];
data/libreswan-3.32/programs/pluto/connections.c:3759:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prio[POLICY_PRIO_BUF];
data/libreswan-3.32/programs/pluto/connections.c:3760:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtustr[8];
data/libreswan-3.32/programs/pluto/connections.c:3761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sapriostr[13];
data/libreswan-3.32/programs/pluto/connections.c:3762:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char satfcstr[13];
data/libreswan-3.32/programs/pluto/connections.c:3763:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nflogstr[8];
data/libreswan-3.32/programs/pluto/connections.c:3764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char markstr[2 * (2 * strlen("0xffffffff") + strlen("/")) + strlen(", ") ];
data/libreswan-3.32/programs/pluto/connections.c:3859:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hashpolbuf[200];
data/libreswan-3.32/programs/pluto/connections.c:3871:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mtustr, "unset");
data/libreswan-3.32/programs/pluto/connections.c:3876:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sapriostr, "auto");
data/libreswan-3.32/programs/pluto/connections.c:3881:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(satfcstr, "none");
data/libreswan-3.32/programs/pluto/connections.c:3896:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(nflogstr, "unset");
data/libreswan-3.32/programs/pluto/connections.c:3903:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(markstr, "unset");
data/libreswan-3.32/programs/pluto/connections.c:4194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/connections.h:138:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern void fmt_policy_prio(policy_prio_t pp, char buf[POLICY_PRIO_BUF]);
data/libreswan-3.32/programs/pluto/connections.h:491:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *fmt_conn_instance(const struct connection *c,
data/libreswan-3.32/programs/pluto/connections.h:492:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CONN_INST_BUF]);
data/libreswan-3.32/programs/pluto/connections.h:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/crypt_dh_v1.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WIRE_CHUNK_PTR(*dhq, icookie),
data/libreswan-3.32/programs/pluto/crypt_dh_v1.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WIRE_CHUNK_PTR(*dhq, rcookie),
data/libreswan-3.32/programs/pluto/crypt_dh_v1.c:147:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WIRE_CHUNK_PTR(*dhq, icookie),
data/libreswan-3.32/programs/pluto/crypt_dh_v1.c:151:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(WIRE_CHUNK_PTR(*dhq, rcookie),
data/libreswan-3.32/programs/pluto/crypt_symkey.c:500:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new.ptr, lhs->ptr, lhs->len);
data/libreswan-3.32/programs/pluto/crypt_symkey.c:501:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new.ptr + lhs->len, rhs, sizeof_rhs);
data/libreswan-3.32/programs/pluto/crypt_utils.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wire_chunk_ptr(arena, new), chunk->ptr, chunk->len);
data/libreswan-3.32/programs/pluto/db_ops.c:145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_trans, old_trans, ctx->max_trans * sizeof(struct db_trans));
data/libreswan-3.32/programs/pluto/db_ops.c:172:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_attrs, old_attrs, ctx->max_attrs * sizeof(struct db_attr));
data/libreswan-3.32/programs/pluto/defs.c:73:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[sizeof("warning (expires in %jd minutes)") + 20];
data/libreswan-3.32/programs/pluto/demux.c:167:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&non_esp, _buffer, sizeof(uint32_t));
data/libreswan-3.32/programs/pluto/demux.c:626:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[500]; /* Cisco maximum unknown - arbitrary choice */
data/libreswan-3.32/programs/pluto/fetch.c:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(m[mem->len]), ptr, realsize);
data/libreswan-3.32/programs/pluto/fetch.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorbuffer[CURL_ERROR_SIZE] = "";
data/libreswan-3.32/programs/pluto/foodgroups.c:119:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[PATH_MAX];
data/libreswan-3.32/programs/pluto/foodgroups.c:163:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spport_str[256];
data/libreswan-3.32/programs/pluto/foodgroups.c:164:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpport_str[256];
data/libreswan-3.32/programs/pluto/gcm_test_vectors.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text_and_tag.ptr, from.ptr, from.len); \
data/libreswan-3.32/programs/pluto/gcm_test_vectors.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text_and_tag.ptr + len, tag.ptr, tag.len);
data/libreswan-3.32/programs/pluto/hostpair.c:650:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ci[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/hostpair.c:809:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ci[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1.c:1811:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + offset,
data/libreswan-3.32/programs/pluto/ikev1.c:3266:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1.c:3267:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b2[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_aggr.c:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_dpd.c:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_dpd.c:443:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_main.c:2037:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.isa_ike_initiator_spi.bytes, icookie, COOKIE_SIZE);
data/libreswan-3.32/programs/pluto/ikev1_main.c:2039:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.isa_ike_responder_spi.bytes, rcookie, COOKIE_SIZE);
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1004:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idfqdn[IDTOA_BUF];
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1012:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idfqdn, IDci->pbs.cur, idlen);
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1099:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2 * sizeof(subnet_buf) + 2 * sizeof(address_buf) + 2 *
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1159:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cthat[END_BUF];
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1469:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instbuf[END_BUF];
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1702:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idfqdn[IDTOA_BUF];
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1710:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idfqdn, IDcr->pbs.cur, idlen);
data/libreswan-3.32/programs/pluto/ikev1_send.c:98:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ih, st->st_tpacket.ptr, NSIZEOF_isakmp_hdr);
data/libreswan-3.32/programs/pluto/ikev1_spdb_struct.c:2677:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_spdb_struct.c:2686:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_spdb_struct.c:2700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:499:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:587:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:704:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:808:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char single_addresspool[128];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pswdpath[PATH_MAX];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:965:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024]; /* we hope that this is more than enough */
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:971:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(pswdpath, "r");
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:1906:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauth_username[MAX_XAUTH_USERNAME_LEN];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:2036:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauth_password[XAUTH_MAX_PASS_LENGTH];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:2212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[81];
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:2217:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msgbuf, strattr.cur, len);
data/libreswan-3.32/programs/pluto/ikev2.c:2518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b1[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2.c:2519:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b2[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2.c:2597:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tispi[3 + 2*IKE_SA_SPI_SIZE];
data/libreswan-3.32/programs/pluto/ikev2.c:2603:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trspi[3 + 2*IKE_SA_SPI_SIZE];
data/libreswan-3.32/programs/pluto/ikev2.c:2615:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tekl[6] = "";
data/libreswan-3.32/programs/pluto/ikev2.c:2622:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tai[3 + 2 * BYTES_FOR_BITS(256)] = "";
data/libreswan-3.32/programs/pluto/ikev2.c:2628:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tei[3 + 2 * BYTES_FOR_BITS(256)] = "";
data/libreswan-3.32/programs/pluto/ikev2.c:2639:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tar[3 + 2 * BYTES_FOR_BITS(256)] = "";
data/libreswan-3.32/programs/pluto/ikev2.c:2645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ter[3 + 2 * BYTES_FOR_BITS(256)] = "";
data/libreswan-3.32/programs/pluto/ikev2.c:3028:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_buf[TTODATAV_BUF];
data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttl_buf[ULTOT_BUF + 32]; /* 32 is aribitary */
data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c:805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c:806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbg_buf[512] ; /* Arbitrary length. It is local */
data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_buf[SWAN_MAX_DOMAIN_LEN * 2]; /* this is local */
data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c:811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qname[SWAN_MAX_DOMAIN_LEN];
data/libreswan-3.32/programs/pluto/ikev2_message.c:347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(enc_iv, salt.ptr, salt.len);
data/libreswan-3.32/programs/pluto/ikev2_message.c:348:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(enc_iv + salt.len, wire_iv, encrypter->wire_iv_size);
data/libreswan-3.32/programs/pluto/ikev2_message.c:432:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_iv[MAX_CBC_BLOCK_SIZE];
data/libreswan-3.32/programs/pluto/ikev2_message.c:614:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char enc_iv[MAX_CBC_BLOCK_SIZE];
data/libreswan-3.32/programs/pluto/ikev2_message.c:724:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(md->raw_packet.ptr + offset, plain[i].ptr,
data/libreswan-3.32/programs/pluto/ikev2_message.c:831:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frag_buffer[PMAX(MIN_MAX_UDP_DATA_v4, MIN_MAX_UDP_DATA_v6)];
data/libreswan-3.32/programs/pluto/ikev2_parent.c:2520:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_parent.c:3991:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_parent.c:4109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_parent.c:4144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_parent.c:5790:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char replacestr[256];
data/libreswan-3.32/programs/pluto/ikev2_ppk.c:161:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&blobs[0], h->blob, h->blob_sz);
data/libreswan-3.32/programs/pluto/ikev2_ppk.c:162:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&blobs[h->blob_sz], hashval.ptr, hashval.len);
data/libreswan-3.32/programs/pluto/ikev2_redirect.c:212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gw_str[0xFF];
data/libreswan-3.32/programs/pluto/ikev2_rsa.c:111:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signed_octets[sizeof(rsa_sha1_der_header) + sizeof(hash.ptr/*array*/)];
data/libreswan-3.32/programs/pluto/ikev2_rsa.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signed_octets, &rsa_sha1_der_header, sizeof(rsa_sha1_der_header));
data/libreswan-3.32/programs/pluto/ikev2_rsa.c:118:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signed_octets + sizeof(rsa_sha1_der_header), hash.ptr, hash.len);
data/libreswan-3.32/programs/pluto/ikev2_rsa.c:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signed_octets, hash.ptr, hash.len);
data/libreswan-3.32/programs/pluto/ikev2_spdb_struct.c:454:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(matching_local_proposal->matching_transform,
data/libreswan-3.32/programs/pluto/ikev2_spdb_struct.c:2205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cookie->bytes, accepted_ike_proposal->remote_spi.bytes, COOKIE_SIZE);
data/libreswan-3.32/programs/pluto/ikev2_ts.c:1153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char old[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_ts.c:1154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_ts.c:1159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ikev2_ts.c:1235:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&st->st_ts_this, best.tsi,
data/libreswan-3.32/programs/pluto/ikev2_ts.c:1237:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&st->st_ts_that, best.tsr,
data/libreswan-3.32/programs/pluto/initiate.c:139:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:145:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:566:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_buf[LOG_WIDTH];
data/libreswan-3.32/programs/pluto/initiate.c:567:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_buf2[LOG_WIDTH];
data/libreswan-3.32/programs/pluto/initiate.c:617:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char demandbuf[256];
data/libreswan-3.32/programs/pluto/initiate.c:697:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:763:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1051:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1062:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1072:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1082:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1203:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/initiate.c:1220:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/ipsec_doi.c:591:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oa[ADDRTOT_BUF + sizeof(":00000")];
data/libreswan-3.32/programs/pluto/kernel.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prio[POLICY_PRIO_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prio[POLICY_PRIO_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_said[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_said[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:726:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resp[256];
data/libreswan-3.32/programs/pluto/kernel.c:799:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inst[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:890:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inst[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:1167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prio[POLICY_PRIO_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:1202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_said[SATOT_BUF + SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:1478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/libreswan-3.32/programs/pluto/kernel.c:1665:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_said[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:1730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_ipip[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:1731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_ipcomp[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:1732:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_esp[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:1733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_ah[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:2550:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kversion[256];
data/libreswan-3.32/programs/pluto/kernel.c:2746:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:3004:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/kernel.c:3433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_said[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel.h:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[IFNAMSIZ + 20]; /* what would be a safe size? */
data/libreswan-3.32/programs/pluto/kernel_bsd.c:97:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *pluto_ifn[10];
data/libreswan-3.32/programs/pluto/kernel_bsd.c:181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ri.name, buf[j].ifr_name, IFNAMSIZ);
data/libreswan-3.32/programs/pluto/kernel_bsd.c:197:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auxinfo.ifr_name, buf[j].ifr_name, IFNAMSIZ);
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1536]; /* arbitrary limit on shell command length */
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char common_shell_out_str[1024];
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[512];
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:526:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addrmem, &local_sa.sa, local_sa_len);
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:528:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addrmem, &remote_sa.sa, remote_sa_len);
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:669:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[512];
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:670:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:725:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addrmem, &local_sa.sa, local_sa_len);
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:727:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addrmem, &remote_sa.sa, remote_sa_len);
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:769:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[512];
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:770:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:884:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keymat[256];
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:924:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keymat, sa->enckey, sa->enckeylen);
data/libreswan-3.32/programs/pluto/kernel_bsdkame.c:925:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keymat + sa->enckeylen, sa->authkey, sa->authkeylen);
data/libreswan-3.32/programs/pluto/kernel_klips.c:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2048]; /* arbitrary limit on shell command length */
data/libreswan-3.32/programs/pluto/kernel_klips.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char common_shell_out_str[2048];
data/libreswan-3.32/programs/pluto/kernel_linux.c:105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *pluto_ifn[10];
data/libreswan-3.32/programs/pluto/kernel_linux.c:182:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ri.name, buf[j].ifr_name, IFNAMSIZ-1);
data/libreswan-3.32/programs/pluto/kernel_linux.c:220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auxinfo.ifr_name, buf[j].ifr_name, IFNAMSIZ-1);
data/libreswan-3.32/programs/pluto/kernel_linux.c:356:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *proc_sock = fopen(proc_name, "r");
data/libreswan-3.32/programs/pluto/kernel_linux.c:364:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sb[8 * 5]; /* IPv6 address as string-with-colons */
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:227:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[PFKEYv2_MAX_MSGSIZE];
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:353:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&it->buf, buf, bl);
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:624:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *description,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:625:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text_said,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:641:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *description,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:642:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text_said,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:654:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *description,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:655:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text_said,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:674:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *description,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:675:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text_said,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1573:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(procname, "r");
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024]; /* should be big enough */
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1628:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
!startswith((char *)ff[1].ptr, "->") ||
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1630:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
!startswith((char *)ff[3].ptr, "=>")) {
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1642:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ugh = ttoul((char *)field[0].ptr, field[0].len,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1651:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ugh = ttosubnet((char *)ff[0].ptr, ff[0].len, AF_UNSPEC,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1659:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ugh = ttosubnet((char *)ff[2].ptr, ff[2].len, AF_UNSPEC,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1667:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ugh = read_proto((char *)ff[4].ptr, &ff[4].len,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1671:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ugh = ttosa((char *)ff[4].ptr, ff[4].len, &eri.said);
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1793:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(procname, "r");
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1799:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1801:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_said[SATOT_BUF];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:170:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a.ptr, x.ptr, a.len);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:189:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x.ptr, a.ptr, a.len);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:303:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_NETLINK_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:429:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, &rsp, r);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:505:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_NETLINK_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:703:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), tmpl, attr->rta_len);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:721:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(mark_attr), &xfrm_mark, mark_attr->rta_len);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:732:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &xfrm_if_id, sizeof(uint32_t));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:739:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &xfrm_if_id, sizeof(uint32_t));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:766:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uctx + 1, policy_label, len);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reqid_buf[ULTOT_BUF + 32];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1004:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_NETLINK_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1030:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &migrate, attr->rta_len);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1047:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &natt, sizeof(natt));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1068:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mig_said[SAMIGTOT_BUF];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_NETLINK_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1379:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &xre, sizeof(xre));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &algo, sizeof(algo));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)RTA_DATA(attr) + sizeof(algo),
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &algo, sizeof(algo));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1466:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &algo, sizeof(algo));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1467:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)RTA_DATA(attr) + sizeof(algo),
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1483:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &algo, sizeof(algo));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1484:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)RTA_DATA(attr) + sizeof(algo),
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1500:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &sa->tfcpad, sizeof(sa->tfcpad));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1519:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &natt, sizeof(natt));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1530:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &sa->xfrm_if_id, sizeof(uint32_t));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1537:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &sa->xfrm_if_id, sizeof(uint32_t));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1553:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &xuo, sizeof(xuo));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1575:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &xuctx, sizeof(xuctx));
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1576:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)RTA_DATA(attr) + sizeof(xuctx),
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1605:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_NETLINK_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1649:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a.ptr, x.ptr, a.len);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1777:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uctx->sec_ctx_value, (xuctx + 1),
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[256];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2641:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2048]; /* arbitrary limit on shell command length */
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char common_shell_out_str[2048];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2674:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_NETLINK_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2751:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(proc_f, "r");
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2753:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2755:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disable_ipv6 = atoi(buf);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2850:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_NETLINK_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:2867:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RTA_DATA(attr), &migrate, attr->rta_len);
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[NETLINK_REQ_DATA_SIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char if_name[IF_NAMESIZE];
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char if_name[IFNAMSIZ];
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:778:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char if_name[IFNAMSIZ];
data/libreswan-3.32/programs/pluto/keys.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tried[50]; /* keyids of tried public keys */
data/libreswan-3.32/programs/pluto/labeled_ipsec.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sec_ctx_value[MAX_SECCTX_LEN]; /* text label, NUL-terminated */
data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctx_str[0];
data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alg_name[64];
data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alg_key[0];
data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alg_name[64];
data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alg_key[0];
data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alg_name[64];
data/libreswan-3.32/programs/pluto/linux-copy/linux/xfrm.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alg_key[0];
data/libreswan-3.32/programs/pluto/linux_audit.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audit_str[AUDIT_LOG_SIZE];
data/libreswan-3.32/programs/pluto/log.c:335:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pluto_log_fp = fopen(pluto_log_file,
data/libreswan-3.32/programs/pluto/log.c:369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char now[34] = "";
data/libreswan-3.32/programs/pluto/log.c:406:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[10];/*65535+200*/
data/libreswan-3.32/programs/pluto/nat_traversal.c:93:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("/proc/net/ipsec/natt", "r");
data/libreswan-3.32/programs/pluto/nss_cert_verify.c:644:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw_id_buf[IDTOA_BUF];
data/libreswan-3.32/programs/pluto/nss_crl_import.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *arg[4] = { NULL };
data/libreswan-3.32/programs/pluto/nss_crl_import.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lenarg[32];
data/libreswan-3.32/programs/pluto/nss_crl_import.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crl_path_space[4096]; /* plenty long? */
data/libreswan-3.32/programs/pluto/packet.c:1913:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char space[40]; /* arbitrary limit on label+flock-of-* */
data/libreswan-3.32/programs/pluto/packet.c:2160:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytes, ins->cur, len);
data/libreswan-3.32/programs/pluto/packet.c:2651:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outs->cur, bytes, len);
data/libreswan-3.32/programs/pluto/pam_conv.c:102:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, len);
data/libreswan-3.32/programs/pluto/peerlog.c:207:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
c->log_file = fopen(c->log_file_name, "w");
data/libreswan-3.32/programs/pluto/peerlog.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datebuf[32];
data/libreswan-3.32/programs/pluto/pending.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/pending.c:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/pending.c:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/pending.c:346:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/pending.c:359:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/pending.c:437:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cip[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/pluto_constants.c:328:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const policy_shunt_names[4] = {
data/libreswan-3.32/programs/pluto/pluto_constants.c:335:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const policy_fail_names[4] = {
data/libreswan-3.32/programs/pluto/pluto_constants.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbitnamesbuf[200];
data/libreswan-3.32/programs/pluto/pluto_constants.c:403:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512]; /* NOT RE-ENTRANT! I hope that it is big enough! */
data/libreswan-3.32/programs/pluto/pluto_crypt.h:115:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char space[1]; /* actual space follows */
data/libreswan-3.32/programs/pluto/pluto_crypt.h:120:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char more_space[(size) - 1]
data/libreswan-3.32/programs/pluto/pluto_seccomp.c:100:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LSW_SECCOMP_ADD(ctx, open);
data/libreswan-3.32/programs/pluto/pluto_stats.c:123:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *pstats_sa_names[IKE_VERSION_ROOF][SA_TYPE_ROOF] = {
data/libreswan-3.32/programs/pluto/pluto_stats.c:134:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *pstats_sa_reasons[DELETE_REASON_ROOF] = {
data/libreswan-3.32/programs/pluto/plutomain.c:241:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pluto_lock[sizeof(ctl_addr.sun_path)] =
data/libreswan-3.32/programs/pluto/plutomain.c:260:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pluto_lock, O_WRONLY | O_CREAT | O_EXCL | O_TRUNC,
data/libreswan-3.32/programs/pluto/plutomain.c:309:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[30]; /* holds "<pid>\n" */
data/libreswan-3.32/programs/pluto/plutomain.c:387:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev = open(device, 0);
data/libreswan-3.32/programs/pluto/plutomain.c:606:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[72];
data/libreswan-3.32/programs/pluto/plutomain.c:616:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[sizeof(line) - 1];
data/libreswan-3.32/programs/pluto/plutomain.c:839:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pluto_nss_seedbits = atoi(optarg);
data/libreswan-3.32/programs/pluto/plutomain.c:1471:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mess[200];
data/libreswan-3.32/programs/pluto/plutomain.c:1603:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
passert(open("/dev/null", O_RDONLY) == 0);
data/libreswan-3.32/programs/pluto/rcv_whack.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *diag[ka_roof];
data/libreswan-3.32/programs/pluto/retry.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/retry.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char story[80]; /* arbitrary limit */
data/libreswan-3.32/programs/pluto/retry.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/retry.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char story[80]; /* arbitrary limit */
data/libreswan-3.32/programs/pluto/send.c:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + natt_bonus, a.ptr, a.len);
data/libreswan-3.32/programs/pluto/send.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + natt_bonus + a.len, b.ptr, b.len);
data/libreswan-3.32/programs/pluto/server.c:1006:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256] = "not timer based";
data/libreswan-3.32/programs/pluto/server.c:1413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addconn_path_space[4096]; /* plenty long? */
data/libreswan-3.32/programs/pluto/server.c:1467:23: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
addconn_child_pid = vfork(); /* for better, for worse, in sickness and health..... */
data/libreswan-3.32/programs/pluto/server.c:1677:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char space[256];
data/libreswan-3.32/programs/pluto/server.c:1681:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromstr[sizeof(" for message to port 65536") +
data/libreswan-3.32/programs/pluto/server.c:1758:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as[INET6_ADDRSTRLEN];
data/libreswan-3.32/programs/pluto/server.c:1805:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offstrspace[INET6_ADDRSTRLEN];
data/libreswan-3.32/programs/pluto/server.c:1806:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char orname[50];
data/libreswan-3.32/programs/pluto/show.c:290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/libreswan-3.32/programs/pluto/spdb.c:1024:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, pa->trans, pa->trans_cnt *
data/libreswan-3.32/programs/pluto/spdb.c:1026:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t + pa->trans_cnt,
data/libreswan-3.32/programs/pluto/spdb_struct.c:329:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_attrs, old_attrs, n * sizeof(old_attrs[0]));
data/libreswan-3.32/programs/pluto/state.c:787:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/state.c:801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/state.c:895:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/state.c:995:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statebuf[1024];
data/libreswan-3.32/programs/pluto/state.c:1014:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statebuf[1024];
data/libreswan-3.32/programs/pluto/state.c:1033:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statebuf[1024];
data/libreswan-3.32/programs/pluto/state.c:1513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/state.c:2108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inst[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/state.c:2109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dpdbuf[128];
data/libreswan-3.32/programs/pluto/state.c:2110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char traffic_buf[512], *mbcp;
data/libreswan-3.32/programs/pluto/state.c:2180:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastused[40]; /* should be plenty long enough */
data/libreswan-3.32/programs/pluto/state.c:2181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saids_buf[(1 + SATOT_BUF) * 6];
data/libreswan-3.32/programs/pluto/state.c:2487:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_buf[LOG_WIDTH];
data/libreswan-3.32/programs/pluto/state.c:2488:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_buf2[LOG_WIDTH];
data/libreswan-3.32/programs/pluto/state.c:2685:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/libreswan-3.32/programs/pluto/state.c:3077:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns, *sentence, sl);
data/libreswan-3.32/programs/pluto/state.c:3079:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ns[sl + 1], word, wl+1); /* includes NUL */
data/libreswan-3.32/programs/pluto/state.c:3223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/state.h:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st_xauth_username[MAX_XAUTH_USERNAME_LEN]; /* NUL-terminated */
data/libreswan-3.32/programs/pluto/test_buffer.c:54:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chunk.ptr, original, chunk.len);
data/libreswan-3.32/programs/pluto/timer.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib1[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/timer.c:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cib2[CONN_INST_BUF];
data/libreswan-3.32/programs/pluto/udpfromto.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[256];
data/libreswan-3.32/programs/pluto/vendor.c:624:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[MD5_DIGEST_SIZE];
data/libreswan-3.32/programs/pluto/vendor.c:637:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vidm + 2, hash, FSWAN_VID_SIZE - 2); /* truncate hash */
data/libreswan-3.32/programs/pluto/vendor.c:639:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vidm + 2, hash, MD5_DIGEST_SIZE);
data/libreswan-3.32/programs/pluto/vendor.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vid_dump[128];
data/libreswan-3.32/programs/pluto/vendor.c:896:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_vid[2 * MAX_LOG_VID_LEN + 1];
data/libreswan-3.32/programs/pluto/virtual.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char all[256] = ""; /* arbitrary limit */
data/libreswan-3.32/programs/pluto/x509.c:1057:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char combined_hash[SHA1_DIGEST_SIZE * 8 /*max path len*/];
data/libreswan-3.32/programs/pluto/x509.c:1065:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sighash[SHA1_DIGEST_SIZE];
data/libreswan-3.32/programs/pluto/x509.c:1076:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(combined_hash + sz, sighash, SHA1_DIGEST_SIZE);
data/libreswan-3.32/programs/pluto/x509.c:1089:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sighash[SHA1_DIGEST_SIZE];
data/libreswan-3.32/programs/pluto/x509.c:1508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[128];
data/libreswan-3.32/programs/pluto/x509.c:1541:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char before[256];
data/libreswan-3.32/programs/pluto/x509.c:1547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char after[256];
data/libreswan-3.32/programs/pluto/x509.c:1590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lu[256];
data/libreswan-3.32/programs/pluto/x509.c:1597:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nu[256];
data/libreswan-3.32/programs/readwriteconf/readwriteconf.c:133:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(configfile, "ipsec.conf"); /* safe: see allocation above */
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:102:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outputhostname[NS_MAXDNAME]; /* hostname for output */
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outputhostname, optarg, copy_len);
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:192:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seedbits = atoi(optarg);
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:376:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev = open(device, 0);
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:409:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char convbuf[MAXBITS / 4 + 50]; /* enough for hex */
data/libreswan-3.32/programs/showhostkey/showhostkey.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pskbuf[128] = "";
data/libreswan-3.32/programs/showhostkey/showhostkey.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qname[256];
data/libreswan-3.32/programs/spi/spi.c:83:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[2];
data/libreswan-3.32/programs/spi/spi.c:99:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sa[SATOT_BUF];
data/libreswan-3.32/programs/spi/spi.c:157:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *life_opt[life_maxsever][life_maxtype],
data/libreswan-3.32/programs/spi/spi.c:347:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *description,
data/libreswan-3.32/programs/spi/spi.c:348:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text_said,
data/libreswan-3.32/programs/spi/spi.c:370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/libreswan-3.32/programs/spi/spi.c:372:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/libreswan-3.32/programs/spi/spi.c:373:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/proc/net/pf_key_supported", "r");
data/libreswan-3.32/programs/spi/spi.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_buf[TTODATAV_BUF];
data/libreswan-3.32/programs/spi/spi.c:504:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void emit_lifetime(const char *extname, uint16_t exttype, struct sadb_ext *extensions[K_SADB_EXT_MAX + 1],
data/libreswan-3.32/programs/spi/spi.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *lo[life_maxtype], uint32_t l[life_maxtype])
data/libreswan-3.32/programs/spi/spi.c:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipsaid_txt[SATOT_BUF] = "(error)";
data/libreswan-3.32/programs/spi/spi.c:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *life_opt[life_maxsever][life_maxtype];
data/libreswan-3.32/programs/spi/spi.c:1714:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pfkey_buf[PFKEYv2_MAX_MSGSIZE];
data/libreswan-3.32/programs/spigrp/spigrp.c:235:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
err_t e = ttosa((const char *)argv[i + 2], 0,
data/libreswan-3.32/programs/tncfg/tncfg.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char virtname[64];
data/libreswan-3.32/programs/tncfg/tncfg.c:283:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr.ifr_ifru.ifru_newname, &shc, sizeof(shc));
data/libreswan-3.32/programs/whack/whack.c:261:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[120]; /* arbitrary limit */
data/libreswan-3.32/programs/whack/whack.c:837:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200]; /* arbitrary limit */
data/libreswan-3.32/programs/whack/whack.c:847:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200]; /* arbitrary limit */
data/libreswan-3.32/programs/whack/whack.c:918:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char esp_buf[256]; /* uses snprintf */
data/libreswan-3.32/programs/whack/whack.c:931:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyspace[RSA_MAX_ENCODING_BYTES];
data/libreswan-3.32/programs/whack/whack.c:933:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauthusername[MAX_XAUTH_USERNAME_LEN];
data/libreswan-3.32/programs/whack/whack.c:934:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xauthpass[XAUTH_MAX_PASS_LENGTH];
data/libreswan-3.32/programs/whack/whack.c:1219:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mydiag_space[TTODATAV_BUF];
data/libreswan-3.32/programs/whack/whack.c:1232:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ugh_space[80];
data/libreswan-3.32/programs/whack/whack.c:1245:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mydiag_space[TTODATAV_BUF];
data/libreswan-3.32/programs/whack/whack.c:1258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ugh_space[80];
data/libreswan-3.32/programs/whack/whack.c:2251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[120];
data/libreswan-3.32/programs/whack/whack.c:2264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[120];
data/libreswan-3.32/programs/whack/whack.c:2697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4097]; /* arbitrary limit on log line length */
data/libreswan-3.32/testing/cert_verify/verify.c:58:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(path, "r");
data/libreswan-3.32/testing/cert_verify/verify.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[1024];
data/libreswan-3.32/testing/check/enum/enumcheck.c:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[100];
data/libreswan-3.32/testing/check/enum/enumcheck.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[100];
data/libreswan-3.32/testing/check/enum/enumcheck.c:257:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[100];
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[12] = "abcdefghijkl";
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[5/*stuff*/+2/*NUL+CANARY*/];
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[1024];
data/libreswan-3.32/testing/check/time/check_deltatime.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char what[1000];
data/libreswan-3.32/testing/check/time/check_monotime.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char what[1000];
data/libreswan-3.32/testing/check/time/check_realtime.c:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char what[1000];
data/libreswan-3.32/testing/utils/ike-aggr-dos/ike-aggr-dos.c:159:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char newbytes[8192];
data/libreswan-3.32/testing/utils/ike-aggr-dos/ike-aggr-dos.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbytes, bytes, h->len);
data/libreswan-3.32/testing/utils/ike-aggr-dos/ike-aggr-dos.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/libreswan-3.32/testing/utils/pcap2skb/pcap2skb.c:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[81];
data/libreswan-3.32/testing/utils/pcap2skb/pcap2skb.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/libreswan-3.32/contrib/c-swan/is_encrypted.c:54:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(source_ip, optarg, IPLEN);
data/libreswan-3.32/contrib/c-swan/is_encrypted.c:71:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest_ip, argv[optind], IPLEN);
data/libreswan-3.32/contrib/c-swan/swan.c:69:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int nbytes = read(link[0], buffer, COMMAND_BUFFER - 1);
data/libreswan-3.32/contrib/c-swan/swan.c:133:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = output; *p != 0; p += strlen(p) + 1) {
data/libreswan-3.32/contrib/c-swan/swan.c:135:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(source, p + strlen(p) + 1, IPLEN);
data/libreswan-3.32/contrib/c-swan/swan.c:135:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(source, p + strlen(p) + 1, IPLEN);
data/libreswan-3.32/contrib/c-swan/swan.c:199:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = xfrm; *p != 0; p += strlen(p) + 1) {
data/libreswan-3.32/contrib/c-swan/swan.c:230:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(keyword, p, IPLEN);
data/libreswan-3.32/contrib/labeled-ipsec/getpeercon_server.c:118:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(srv_sock_addr.sun_path, srv_sock_path, UNIX_PATH_MAX-1);
data/libreswan-3.32/include/constants.h:124:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define startswith(a, b) strneq((a), (b), strlen(b))
data/libreswan-3.32/include/constants.h:136:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((dest), (src), (len)-1); \
data/libreswan-3.32/include/lswalloc.h:91:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((str) == NULL ? NULL : clone_bytes((str), strlen((str)) + 1, (name)))
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:116:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(ipsp_dir_strs[xpl->sadb_x_policy_dir]) +
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:118:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ipsp_policy_strs[xpl->sadb_x_policy_type]) +
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:157:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(buf) + strlen(delimiter) + strlen(isrbuf) + 1;
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:157:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(buf) + strlen(delimiter) + strlen(isrbuf) + 1;
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:157:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen = strlen(buf) + strlen(delimiter) + strlen(isrbuf) + 1;
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:282:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp1) + 1 + strlen(tmp2) + 1 > len)
data/libreswan-3.32/lib/libbsdpfkey/ipsec_dump_policy.c:282:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp1) + 1 + strlen(tmp2) + 1 > len)
data/libreswan-3.32/lib/libbsdpfkey/test-policy.c:130:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = ipsec_set_policy(req->str, strlen(req->str));
data/libreswan-3.32/lib/libbsdpfkey/test-policy.c:234:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp1 = ipsec_set_policy(pol1, strlen(pol1));
data/libreswan-3.32/lib/libbsdpfkey/test-policy.c:236:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp2 = ipsec_set_policy(pol2, strlen(pol2));
data/libreswan-3.32/lib/libipsecconf/confread.c:224:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ol = strlen(perrl->errors);
data/libreswan-3.32/lib/libipsecconf/confread.c:225:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t al = strlen(tmp_err);
data/libreswan-3.32/lib/libipsecconf/confread.c:268:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *const end = val + strlen(val);
data/libreswan-3.32/lib/libipsecconf/confread.c:293:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *e = b + strlen(b);
data/libreswan-3.32/lib/libipsecconf/confread.c:577:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tnatoaddr(value, strlen(value), AF_UNSPEC,
data/libreswan-3.32/lib/libipsecconf/confread.c:584:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value), AF_INET,
data/libreswan-3.32/lib/libipsecconf/confread.c:587:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value), AF_INET6,
data/libreswan-3.32/lib/libipsecconf/confread.c:660:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tnatoaddr(value, strlen(value), AF_UNSPEC,
data/libreswan-3.32/lib/libipsecconf/confread.c:667:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value), AF_INET,
data/libreswan-3.32/lib/libipsecconf/confread.c:670:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value), AF_INET6,
data/libreswan-3.32/lib/libipsecconf/confread.c:911:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t old_len = strlen(s); /* excludes '\0' */
data/libreswan-3.32/lib/libipsecconf/confread.c:912:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t new_len = strlen(kw->string);
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:98:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rl = read(sock, be, (buf + sizeof(buf) - 1) - be);
data/libreswan-3.32/lib/libipsecconf/starterwhack.c:259:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ctl_addr.sun_path)) <
data/libreswan-3.32/lib/libswan/addrtot.c:118:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(dst, "<invalid>", dstlen - 1); /* we hope possible truncation does not cause problems */
data/libreswan-3.32/lib/libswan/addrtot.c:223:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf) + 1;
data/libreswan-3.32/lib/libswan/addrtot.c:254:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf) + 1;
data/libreswan-3.32/lib/libswan/chunk.c:102:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunk_t chunk = alloc_chunk((strlen(hex)+1)/2, name);
data/libreswan-3.32/lib/libswan/ckaid.c:36:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(start) > ckaid.nss->len * 2) {
data/libreswan-3.32/lib/libswan/constants.c:66:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t full_len = strlen(src);
data/libreswan-3.32/lib/libswan/constants.c:126:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hint += strlen(hint);
data/libreswan-3.32/lib/libswan/constants.c:2304:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pl = strlen(prefix);
data/libreswan-3.32/lib/libswan/constants.c:2351:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(name);
data/libreswan-3.32/lib/libswan/datatot.c:105:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nreal = strlen(prefix);
data/libreswan-3.32/lib/libswan/datatot.c:109:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, prefix, dstlen-1);
data/libreswan-3.32/lib/libswan/fd.c:139:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd->fd, buf, nbytes);
data/libreswan-3.32/lib/libswan/id.c:108:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(src), &id->name.len);
data/libreswan-3.32/lib/libswan/id.c:120:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(src), &id->name.len);
data/libreswan-3.32/lib/libswan/id.c:127:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(src + 2);
data/libreswan-3.32/lib/libswan/id.c:147:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id->name.len = strlen(src) - 1;
data/libreswan-3.32/lib/libswan/id.c:156:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id->name.len = strlen(src);
data/libreswan-3.32/lib/libswan/ike_alg.c:937:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pexpect_ike_alg(alg, (strlen(alg->fqn) ==
data/libreswan-3.32/lib/libswan/ike_alg.c:1055:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cw = strlen(ike_alg_integ_hmac_sha2_256_truncbug.common.fqn);
data/libreswan-3.32/lib/libswan/ike_alg.c:1057:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cw = strlen(ike_alg_encrypt_null_integ_aes_gmac.common.fqn);
data/libreswan-3.32/lib/libswan/ike_alg.c:1061:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pexpect_ike_alg(alg, cw >= strlen(alg->fqn));
data/libreswan-3.32/lib/libswan/ip_protocol.c:88:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncaseeq(prefix, p->prefix, strlen(p->prefix))) {
data/libreswan-3.32/lib/libswan/ip_range.c:135:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ip_said.c:73:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(dst, "(error)", dstlen-1);
data/libreswan-3.32/lib/libswan/ip_said.c:93:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libreswan-3.32/lib/libswan/ip_said.c:126:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libreswan-3.32/lib/libswan/ip_said.c:132:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libreswan-3.32/lib/libswan/jambuf.c:131:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passert(buf->roof > strlen(buf->dots));
data/libreswan-3.32/lib/libswan/jambuf.c:132:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dest = buf->array + buf->roof - strlen(buf->dots) - 1;
data/libreswan-3.32/lib/libswan/jambuf.c:134:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(dest, buf->dots, strlen(buf->dots) + 1);
data/libreswan-3.32/lib/libswan/jambuf.c:235:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return jam_raw_bytes(buf, string, strlen(string));
data/libreswan-3.32/lib/libswan/jambuf.c:282:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos->total + strlen(buf->dots) < buf->roof) {
data/libreswan-3.32/lib/libswan/keyblobtoid.c:45:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + 1 > dstlen)
data/libreswan-3.32/lib/libswan/keyblobtoid.c:122:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t bl = strlen(b) + 1;
data/libreswan-3.32/lib/libswan/keyblobtoid.c:125:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = keyblobtoid(hexblob, strlen(hexblob), buf, sizeof(buf));
data/libreswan-3.32/lib/libswan/keyblobtoid.c:136:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = splitkeytoid(hexe, strlen(hexe), hexm, strlen(hexm), buf,
data/libreswan-3.32/lib/libswan/keyblobtoid.c:136:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = splitkeytoid(hexe, strlen(hexe), hexm, strlen(hexm), buf,
data/libreswan-3.32/lib/libswan/lex.c:118:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = flp->buffer + strlen(flp->buffer);
data/libreswan-3.32/lib/libswan/lex.c:148:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = flp->tok + strlen(flp->tok);
data/libreswan-3.32/lib/libswan/lex.c:173:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/libreswan-3.32/lib/libswan/lset.c:87:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/libreswan-3.32/lib/libswan/lswlog_nss_cka.c:27:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define CASE(T) case T: return lswlogs(buf, #T + strlen("CKA_"))
data/libreswan-3.32/lib/libswan/lswlog_nss_ckf.c:32:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += lswlogs(buf, #F + strlen("CKF_")); \
data/libreswan-3.32/lib/libswan/lswlog_nss_ckm.c:27:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define CASE(T) case T: return lswlogs(buf, #T + strlen("CKM_"))
data/libreswan-3.32/lib/libswan/lswnss.c:49:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(sql, configdir, strlen(sql)) == 0) {
data/libreswan-3.32/lib/libswan/lswnss.c:52:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nssdir = alloc_bytes(strlen(configdir) + strlen(sql) + 1, "(ignore) nssdir");
data/libreswan-3.32/lib/libswan/lswnss.c:52:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nssdir = alloc_bytes(strlen(configdir) + strlen(sql) + 1, "(ignore) nssdir");
data/libreswan-3.32/lib/libswan/lswnss.c:290:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
token, strlen(password));
data/libreswan-3.32/lib/libswan/netlink_attrib.c:68:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return nl_addattr_l(n, maxlen, type, str, strlen(str)+1);
data/libreswan-3.32/lib/libswan/nss_cert_load.c:74:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t binlen = (strlen(ckaid) + 1) / 2;
data/libreswan-3.32/lib/libswan/shunk.c:38:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return shunk2(ptr, strlen(ptr));
data/libreswan-3.32/lib/libswan/shunk.c:186:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(string, shunk.ptr, shunk.len);
data/libreswan-3.32/lib/libswan/ttoaddr.c:112:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ttoaddr.c:180:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(p, src, srclen);
data/libreswan-3.32/lib/libswan/ttoaddr.c:464:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ttoaddr.c:503:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ttodata.c:67:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ttodata.c:612:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oops, strlen(r->data));
data/libreswan-3.32/lib/libswan/ttodata.c:613:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexout(r->data, strlen(r->data), stdout);
data/libreswan-3.32/lib/libswan/ttodata.c:621:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (n != strlen(r->data)) {
data/libreswan-3.32/lib/libswan/ttodata.c:624:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("', expecting %lu `", strlen(r->data));
data/libreswan-3.32/lib/libswan/ttodata.c:625:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexout(r->data, strlen(r->data), stdout);
data/libreswan-3.32/lib/libswan/ttodata.c:631:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("', expecting %lu `", strlen(r->data));
data/libreswan-3.32/lib/libswan/ttodata.c:632:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexout(r->data, strlen(r->data), stdout);
data/libreswan-3.32/lib/libswan/ttodata.c:713:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = datatot(dr->data, strlen(dr->data), dr->format, buf,
data/libreswan-3.32/lib/libswan/ttodata.c:715:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
should = (dr->ascii == NULL) ? 0 : strlen(dr->ascii) + 1;
data/libreswan-3.32/lib/libswan/ttodata.c:722:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexout(dr->data, strlen(dr->data), stdout);
data/libreswan-3.32/lib/libswan/ttodata.c:728:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexout(dr->data, strlen(dr->data), stdout);
data/libreswan-3.32/lib/libswan/ttodata.c:734:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexout(dr->data, strlen(dr->data), stdout);
data/libreswan-3.32/lib/libswan/ttodata.c:740:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexout(dr->data, strlen(dr->data), stdout);
data/libreswan-3.32/lib/libswan/ttoprotoport.c:44:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src_len = strlen(src);
data/libreswan-3.32/lib/libswan/ttoprotoport.c:138:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oops = ttoprotoport(argv[1], strlen(argv[1]),
data/libreswan-3.32/lib/libswan/ttoprotoport.c:173:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err_t err = ttoprotoport(r->ascii, strlen(r->ascii),
data/libreswan-3.32/lib/libswan/ttosa.c:59:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ttosa.c:68:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(mp->name);
data/libreswan-3.32/lib/libswan/ttosa.c:76:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ttosa.c:87:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
spi = src + strlen(sat->prefix);
data/libreswan-3.32/lib/libswan/ttosubnet.c:56:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/ttoul.c:43:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/unbound.c:235:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srclen = strlen(src);
data/libreswan-3.32/lib/libswan/x509dn.c:760:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(op->name) == ol && strncaseeq(op->name, src, ol)) {
data/libreswan-3.32/lib/libwhack/aliascomp.c:37:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlen = strlen(name);
data/libreswan-3.32/lib/libwhack/whacklib.c:53:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s) + 1;
data/libreswan-3.32/lib/libwhack/whacklib.c:258:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libreswan-3.32/lib/libwhack/whacklib.c:280:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(secret) + 1;
data/libreswan-3.32/linux/include/ocf-compat.h:92:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((_sc)->_device.name, _name, \
data/libreswan-3.32/linux/include/ocf-compat.h:235:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
({ strncpy(dest, src, (len) - 1); ((char *)dest)[(len) - 1] = '\0'; })
data/libreswan-3.32/linux/net/ipsec/addrtot.c:52:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(find);
data/libreswan-3.32/linux/net/ipsec/addrtot.c:86:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(dst, "<invalid>", dstlen - 1); /* we hope possible truncation does not cause problems */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:111:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(dst, "<invalid>", dstlen - 1); /* we hope possible truncation does not cause problems */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:151:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(dst, "<invalid>", dstlen - 1); /* we hope possible truncation does not cause problems */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:176:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(dst, "<invalid>", dstlen - 1); /* we hope possible truncation does not cause problems */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:215:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(dst, "<invalid>", dstlen - 1); /* we hope possible truncation does not cause problems */
data/libreswan-3.32/linux/net/ipsec/addrtot.c:320:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf) + 1;
data/libreswan-3.32/linux/net/ipsec/addrtot.c:351:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf) + 1;
data/libreswan-3.32/linux/net/ipsec/addrtot.c:414:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oops = ttoaddr(in, strlen(in), AF_UNSPEC, &a);
data/libreswan-3.32/linux/net/ipsec/datatot.c:101:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nreal = strlen(prefix);
data/libreswan-3.32/linux/net/ipsec/datatot.c:105:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dst, prefix, dstlen-1);
data/libreswan-3.32/linux/net/ipsec/infblock.c:212:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
z->total_out + (q >= s->read ? q - s->read :
data/libreswan-3.32/linux/net/ipsec/infblock.c:212:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
z->total_out + (q >= s->read ? q - s->read :
data/libreswan-3.32/linux/net/ipsec/infblock.c:213:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(s->end - s->read) + (q - s->window))));
data/libreswan-3.32/linux/net/ipsec/infblock.c:346:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
z->total_out + (q >= s->read ? q - s->read :
data/libreswan-3.32/linux/net/ipsec/infblock.c:346:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
z->total_out + (q >= s->read ? q - s->read :
data/libreswan-3.32/linux/net/ipsec/infblock.c:347:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(s->end - s->read) + (q - s->window))));
data/libreswan-3.32/linux/net/ipsec/infblock.c:356:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->read != s->write)
data/libreswan-3.32/linux/net/ipsec/infcodes.c:226:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->read != s->write)
data/libreswan-3.32/linux/net/ipsec/infutil.c:34:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
q = s->read;
data/libreswan-3.32/linux/net/ipsec/infutil.h:56:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Bytef *read; /* window read pointer */
data/libreswan-3.32/linux/net/ipsec/infutil.h:78:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define WAVAIL (uInt)(q<s->read?s->read-q-1:s->end-q)
data/libreswan-3.32/linux/net/ipsec/infutil.h:80:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define WRAP {if(q==s->end&&s->read!=s->window){q=s->window;m=(uInt)WAVAIL;}}
data/libreswan-3.32/linux/net/ipsec/ipsec_alg_cryptoapi.c:344:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cptr->alg.ixt_common.ixt_name, cptr->ciphername,
data/libreswan-3.32/linux/net/ipsec/ipsec_alg_cryptoapi.c:627:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dptr->alg.ixt_common.ixt_name, dptr->digestname, sizeof(dptr->alg.ixt_common.ixt_name)-1);
data/libreswan-3.32/linux/net/ipsec/ipsec_mast.c:782:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("ipsec")) == 0) {
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:1580:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(realphysname, cf->cf_name, IFNAMSIZ-1);
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:1916:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(dev->name, "ipsec", strlen("ipsec")) == 0) {
data/libreswan-3.32/linux/net/ipsec/ipsec_tunnel.c:2163:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dev_ipsec->name, name, sizeof(dev_ipsec->name)-1);
data/libreswan-3.32/linux/net/ipsec/satot.c:68:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(dst, "(error)", dstlen-1);
data/libreswan-3.32/linux/net/ipsec/satot.c:86:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) ultot((unsigned char)sa->proto, 10, unk + strlen(unk),
data/libreswan-3.32/linux/net/ipsec/satot.c:87:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(unk) - strlen(unk));
data/libreswan-3.32/linux/net/ipsec/satot.c:97:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libreswan-3.32/linux/net/ipsec/satot.c:130:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libreswan-3.32/linux/net/ipsec/satot.c:136:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/libreswan-3.32/programs/_import_crl/_import_crl.c:78:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*lenstr == '0' && strlen(lenstr) == 1)
data/libreswan-3.32/programs/_import_crl/_import_crl.c:93:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (tlen != 0 && (rd = read(STDIN_FILENO, buf, len)) != 0) {
data/libreswan-3.32/programs/addconn/addconn.c:56:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *cpy = strndup(str, strlen(str));
data/libreswan-3.32/programs/addconn/addconn.c:130:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LSW_SECCOMP_ADD(ctx, read);
data/libreswan-3.32/programs/addconn/addconn.c:355:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
configfile = alloc_bytes(strlen(confdir) +
data/libreswan-3.32/programs/addconn/addconn.c:361:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (configfile[0] != '\0' && configfile[strlen(configfile) - 1] != '/')
data/libreswan-3.32/programs/addconn/addconn.c:362:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(configfile, "/"); /* safe: see allocation above */
data/libreswan-3.32/programs/algparse/algparse.c:178:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg + strlen(protocol->name) == eq) {
data/libreswan-3.32/programs/cavp/cavp_parser.c:170:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) >= sizeof(line) - 1) {
data/libreswan-3.32/programs/cavp/cavp_parser.c:176:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int last = strlen(line) - 1;
data/libreswan-3.32/programs/eroute/eroute.c:448:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t room = strlen(argv[0]) +
data/libreswan-3.32/programs/eroute/eroute.c:450:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(optarg);
data/libreswan-3.32/programs/klipsdebug/klipsdebug.c:287:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t room = strlen(argv[0]) +
data/libreswan-3.32/programs/klipsdebug/klipsdebug.c:289:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(optarg);
data/libreswan-3.32/programs/pf_key/pf_key.c:445:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((readlen = read(pfkey_sock, pfkey_buf, sizeof(pfkey_buf))) > 0)
data/libreswan-3.32/programs/pluto/connections.c:618:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buf);
data/libreswan-3.32/programs/pluto/connections.c:635:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w += strlen(buf + w);
data/libreswan-3.32/programs/pluto/connections.c:1022:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val_end = wmmark + strlen("-1");
data/libreswan-3.32/programs/pluto/connections.c:3764:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char markstr[2 * (2 * strlen("0xffffffff") + strlen("/")) + strlen(", ") ];
data/libreswan-3.32/programs/pluto/connections.c:3764:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char markstr[2 * (2 * strlen("0xffffffff") + strlen("/")) + strlen(", ") ];
data/libreswan-3.32/programs/pluto/connections.c:3764:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char markstr[2 * (2 * strlen("0xffffffff") + strlen("/")) + strlen(", ") ];
data/libreswan-3.32/programs/pluto/fetch.c:186:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(errorbuffer) > 0 ? "libcurl error" : NULL;
data/libreswan-3.32/programs/pluto/fetch.c:481:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.len = strlen(n->crl->url)
data/libreswan-3.32/programs/pluto/foodgroups.c:108:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(oco->policies_dir) + 2 + strlen(fgn) + 1;
data/libreswan-3.32/programs/pluto/foodgroups.c:108:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen(oco->policies_dir) + 2 + strlen(fgn) + 1;
data/libreswan-3.32/programs/pluto/foodgroups.c:191:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (dport == 0 && (strlen(flp->tok) != 1 || flp->tok[0] != '0')) {
data/libreswan-3.32/programs/pluto/ikev1_quick.c:1129:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen(buf + l);
data/libreswan-3.32/programs/pluto/ikev1_spdb_struct.c:116:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(uctx.sec_ctx_value) + 1 != uctx.ctx.ctx_len) {
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:318:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok = out_raw(first, strlen(first), &attrval, "MODECFG_DOMAIN");
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:324:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(c->modecfg_banner),
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:1989:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(st->
data/libreswan-3.32/programs/pluto/ikev1_xauth.c:2066:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(xauth_password),
data/libreswan-3.32/programs/pluto/ikev2_ipseckey.c:209:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(pubkey);
data/libreswan-3.32/programs/pluto/ikev2_parent.c:1848:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.len = (str == NULL) ? 0 : strlen(str),
data/libreswan-3.32/programs/pluto/ikev2_send.c:104:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!out_raw(string, strlen(string), &pbs, string)) {
data/libreswan-3.32/programs/pluto/kernel.c:674:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(cmd);
data/libreswan-3.32/programs/pluto/kernel.c:739:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *e = resp + strlen(resp);
data/libreswan-3.32/programs/pluto/kernel.c:1219:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(text_said);
data/libreswan-3.32/programs/pluto/kernel_linux.c:370:12: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int r = fscanf(proc_sock,
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:290:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(pfkeyfd, buf->bytes, sizeof(buf->bytes));
data/libreswan-3.32/programs/pluto/kernel_pfkey.c:1836:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strneq(line, text_said, strlen(text_said))) {
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:747:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(policy_label) + 1;
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:905:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passert((SAMIGTOT_BUF - strlen(text_said)) > SATOT_BUF);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:939:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
passert((SAMIGTOT_BUF - strlen(text_said)) > SATOT_BUF);
data/libreswan-3.32/programs/pluto/kernel_xfrm.c:1790:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(uctx->sec_ctx_value) + 1 != len) {
data/libreswan-3.32/programs/pluto/kernel_xfrm_interface.c:173:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(link_type));
data/libreswan-3.32/programs/pluto/keys.c:883:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.len = strlen(xauthname)
data/libreswan-3.32/programs/pluto/keys.c:1174:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t binlen = (strlen(ckaid) + 1) / 2;
data/libreswan-3.32/programs/pluto/nat_traversal.c:97:12: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = getc(f);
data/libreswan-3.32/programs/pluto/nss_cert_verify.c:706:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (c_len == strlen(n_ptr) && strncaseeq(n_ptr, c_ptr, c_len)) {
data/libreswan-3.32/programs/pluto/nss_cert_verify.c:709:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jam_sanitized_bytes(buf, raw_id, strlen(raw_id)),
data/libreswan-3.32/programs/pluto/nss_cert_verify.c:755:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jam_sanitized_bytes(buf, raw_id, strlen(raw_id));
data/libreswan-3.32/programs/pluto/packet.c:1914:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(label);
data/libreswan-3.32/programs/pluto/pam_conv.c:99:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s) + 1;
data/libreswan-3.32/programs/pluto/peerlog.c:179:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lf_len = (strlen(peerlog_basedir) +
data/libreswan-3.32/programs/pluto/peerlog.c:184:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(suffix) +
data/libreswan-3.32/programs/pluto/peerlog.c:198:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pexpect(lf_len > strlen(c->log_file_name) + 1);
data/libreswan-3.32/programs/pluto/pem.c:57:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned pattern_len = strlen(pattern);
data/libreswan-3.32/programs/pluto/pem.c:73:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ch->len == strlen(pattern) &&
data/libreswan-3.32/programs/pluto/pluto_crypt.c:819:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(helper_exited.recv, &w, sizeof(w)) < 0 ||
data/libreswan-3.32/programs/pluto/pluto_seccomp.c:55:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LSW_SECCOMP_ADD(ctx, read);
data/libreswan-3.32/programs/pluto/plutoalg.h:11:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define IKEALGBUF_LEN strlen("00000_000-00000_000-00000")
data/libreswan-3.32/programs/pluto/plutomain.c:399:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
got = read(dev, buf + ndone, nbytes - ndone);
data/libreswan-3.32/programs/pluto/plutomain.c:610:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lw = strlen(line);
data/libreswan-3.32/programs/pluto/plutomain.c:614:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *meta = nm + strlen(nm) + 1;
data/libreswan-3.32/programs/pluto/plutomain.c:634:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cw = strlen(chunk);
data/libreswan-3.32/programs/pluto/plutomain.c:756:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optmeta = optname + strlen(optname) + 1; /* after '\0' */
data/libreswan-3.32/programs/pluto/send.c:175:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/libreswan-3.32/programs/pluto/server.c:156:15: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t ou = umask(~(S_IRWXU | S_IRWXG));
data/libreswan-3.32/programs/pluto/server.c:158:15: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t ou = umask(~S_IRWXU);
data/libreswan-3.32/programs/pluto/server.c:163:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ctl_addr.sun_path)) < 0)
data/libreswan-3.32/programs/pluto/server.c:165:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(ou);
data/libreswan-3.32/programs/pluto/state.c:3073:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(*sentence);
data/libreswan-3.32/programs/pluto/state.c:3074:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t wl = strlen(word);
data/libreswan-3.32/programs/pluto/test_buffer.c:51:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunk = chunk_from_hex(original + strlen("0x"), original);
data/libreswan-3.32/programs/pluto/test_buffer.c:53:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunk = zalloc_chunk(strlen(original), original);
data/libreswan-3.32/programs/pluto/vendor.c:601:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vid->vid_len = strlen(vid->vid);
data/libreswan-3.32/programs/pluto/vendor.c:606:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vid->vid_len = strlen(vid->data);
data/libreswan-3.32/programs/pluto/vendor.c:618:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypt_hash_digest_bytes(ctx, "data", d, strlen(vid->data));
data/libreswan-3.32/programs/pluto/vendor.c:631:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crypt_hash_digest_bytes(ctx, "data", vid->data, strlen(vid->data));
data/libreswan-3.32/programs/pluto/vendor.c:675:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(vid_dump), j = vid->vid_len
data/libreswan-3.32/programs/pluto/vendor.c:954:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pluto_vendorid, strlen(pluto_vendorid), "Pluto Vendor ID")) {
data/libreswan-3.32/programs/pluto/virtual.c:136:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = str + strlen(str);
data/libreswan-3.32/programs/pluto/virtual.c:173:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = str + strlen(str);
data/libreswan-3.32/programs/pluto/virtual.c:247:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = str + strlen(str);
data/libreswan-3.32/programs/pluto/virtual.c:294:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = str + strlen(str);
data/libreswan-3.32/programs/pluto/virtual.c:455:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(all) + strlen(sep) + strlen(sn) <
data/libreswan-3.32/programs/pluto/virtual.c:455:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(all) + strlen(sep) + strlen(sn) <
data/libreswan-3.32/programs/pluto/virtual.c:455:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(all) + strlen(sep) + strlen(sn) <
data/libreswan-3.32/programs/readwriteconf/readwriteconf.c:125:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
configfile = alloc_bytes(strlen(confdir) +
data/libreswan-3.32/programs/readwriteconf/readwriteconf.c:131:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (configfile[0] != '\0' && configfile[strlen(configfile) - 1] != '/')
data/libreswan-3.32/programs/readwriteconf/readwriteconf.c:132:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(configfile, "/"); /* safe: see allocation above */
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:168:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t full_len = strlen(optarg);
data/libreswan-3.32/programs/rsasigkey/rsasigkey.c:387:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
got = read(dev, buf + ndone, nbytes - ndone);
data/libreswan-3.32/programs/showhostkey/showhostkey.c:273:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ttoaddr(gateway, strlen(gateway), AF_INET,
data/libreswan-3.32/programs/showhostkey/showhostkey.c:276:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (ttoaddr(gateway, strlen(gateway), AF_INET6,
data/libreswan-3.32/programs/spi/spi.c:244:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optargt + strlen(optargt),
data/libreswan-3.32/programs/spi/spi.c:246:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(optargp));
data/libreswan-3.32/programs/spi/spi.c:253:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optargt + strlen(optargt),
data/libreswan-3.32/programs/spi/spi.c:288:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(myoptarg),
data/libreswan-3.32/programs/spi/spi.c:661:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t room = strlen(argv[0]) +
data/libreswan-3.32/programs/spi/spi.c:663:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(optarg);
data/libreswan-3.32/programs/spi/spi.c:1716:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((readlen = read(pfkey_sock, pfkey_buf,
data/libreswan-3.32/programs/spigrp/spigrp.c:131:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t room = strlen(argv[0]) +
data/libreswan-3.32/programs/spigrp/spigrp.c:133:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(optarg);
data/libreswan-3.32/programs/tncfg/tncfg.c:244:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t room = strlen(argv[0]) +
data/libreswan-3.32/programs/tncfg/tncfg.c:246:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(optarg);
data/libreswan-3.32/programs/whack/whack.c:2184:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (optarg != NULL && strlen(optarg) < IFNAMSIZ)
data/libreswan-3.32/programs/whack/whack.c:2676:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sun_path) + strlen(ctl_addr.sun_path)) < 0)
data/libreswan-3.32/programs/whack/whack.c:2702:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rl = read(sock, be, (buf + sizeof(buf) - 1) - be);
data/libreswan-3.32/testing/check/ip/ip_range_check.c:356:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t->lo) > 0) {
data/libreswan-3.32/testing/check/ip/ip_range_check.c:366:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t->hi) > 0) {
data/libreswan-3.32/testing/check/ip/ip_said_check.c:108:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err_t err = ttosa(t->in, strlen(t->in), &sa);
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:117:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
shunk.len != strlen(expect) ||
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:124:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pos != array + strlen(expect)) {
data/libreswan-3.32/testing/check/jambuf/jambufcheck.c:126:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos, array + strlen(expect));
ANALYSIS SUMMARY:
Hits = 1323
Lines analyzed = 222607 in approximately 6.45 seconds (34539 lines/second)
Physical Source Lines of Code (SLOC) = 150975
Hits@level = [0] 1253 [1] 274 [2] 901 [3] 17 [4] 127 [5] 4
Hits@level+ = [0+] 2576 [1+] 1323 [2+] 1049 [3+] 148 [4+] 131 [5+] 4
Hits/KSLOC@level+ = [0+] 17.0624 [1+] 8.76304 [2+] 6.94817 [3+] 0.980295 [4+] 0.867693 [5+] 0.0264945
Symlinks skipped = 2 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.