Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libtpms-0.8.0~dev1/include/libtpms/tpm_error.h Examining data/libtpms-0.8.0~dev1/include/libtpms/tpm_library.h Examining data/libtpms-0.8.0~dev1/include/libtpms/tpm_memory.h Examining data/libtpms-0.8.0~dev1/include/libtpms/tpm_nvfilename.h Examining data/libtpms-0.8.0~dev1/include/libtpms/tpm_tis.h Examining data/libtpms-0.8.0~dev1/include/libtpms/tpm_types.h Examining data/libtpms-0.8.0~dev1/src/compiler.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_admin.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_admin.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_audit.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_audit.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_auth.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_auth.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_commands.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_constants.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_counter.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_counter.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_debug.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_debug.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_delegate.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_delegate.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_digest.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_digest.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_error.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_global.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_global.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_identity.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_identity.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_init.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_init.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_io.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_key.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_key.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_libtpms_io.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_load.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_load.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_maint.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_maint.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_memory.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_nonce.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_nonce.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvram.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvram.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvram_const.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_owner.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_owner.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_pcr.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_pcr.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_permanent.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_permanent.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_platform.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_platform.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_process.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_process.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_secret.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_secret.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_session.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_session.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_sizedbuffer.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_sizedbuffer.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_startup.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_startup.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_storage.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_storage.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_store.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_store.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_structures.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_svnrevision.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_svnrevision.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_ticks.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_ticks.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_time.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_time.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.h Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_ver.c Examining data/libtpms-0.8.0~dev1/src/tpm12/tpm_ver.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ACT.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ACTCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ACT_SetTimeout_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ACT_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ACT_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ActivateCredential_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/AlgorithmCap.c Examining data/libtpms-0.8.0~dev1/src/tpm2/AlgorithmCap_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/AlgorithmTests.c Examining data/libtpms-0.8.0~dev1/src/tpm2/AlgorithmTests_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/AsymmetricCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Attest_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Attest_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/AttestationCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/AuditCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/BackwardsCompatibility.h Examining data/libtpms-0.8.0~dev1/src/tpm2/BaseTypes.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Bits.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Bits_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/BnConvert.c Examining data/libtpms-0.8.0~dev1/src/tpm2/BnMath.c Examining data/libtpms-0.8.0~dev1/src/tpm2/BnMemory.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Cancel.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Capabilities.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CapabilityCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/CertifyCreation_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CertifyX509_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Certify_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ChangeEPS_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ChangePPS_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ClearControl_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Clear_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Clock.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ClockCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ClockRateAdjust_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ClockSet_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandAttributeData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandAttributes.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandAudit.c Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandAudit_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandCodeAttributes.c Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandCodeAttributes_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandDispatchData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandDispatcher.c Examining data/libtpms-0.8.0~dev1/src/tpm2/CommandDispatcher_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Commit_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CompilerDependencies.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ContextCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ContextLoad_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ContextSave_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Context_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Context_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CreateLoaded_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CreatePrimary_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Create_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CryptEccData.c Examining data/libtpms-0.8.0~dev1/src/tpm2/CryptSelfTest.c Examining data/libtpms-0.8.0~dev1/src/tpm2/CryptSelfTest_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/CryptUtil.c Examining data/libtpms-0.8.0~dev1/src/tpm2/DA.c Examining data/libtpms-0.8.0~dev1/src/tpm2/DA_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/DebugHelpers.c Examining data/libtpms-0.8.0~dev1/src/tpm2/DebugHelpers_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/DictionaryAttackLockReset_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/DictionaryAttackParameters_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/DictionaryCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Duplicate_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/DuplicationCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/EACommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ECC_Parameters_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ECDH_KeyGen_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ECDH_ZGen_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/EC_Ephemeral_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/EccTestData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/EncryptDecrypt2_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/EncryptDecrypt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/EncryptDecrypt_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/EncryptDecrypt_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Entity.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Entity_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Entropy.c Examining data/libtpms-0.8.0~dev1/src/tpm2/EphemeralCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/EventSequenceComplete_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/EvictControl_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ExecCommand.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ExecCommand_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/FlushContext_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/GetCapability_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/GetCommandAuditDigest_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/GetRandom_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/GetSessionAuditDigest_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/GetTestResult_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/GetTime_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Global.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Global.h Examining data/libtpms-0.8.0~dev1/src/tpm2/GpMacros.h Examining data/libtpms-0.8.0~dev1/src/tpm2/HMAC_Start_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/HMAC_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Handle.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Handle_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/HashCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/HashSequenceStart_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/HashTestData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Hash_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Hierarchy.c Examining data/libtpms-0.8.0~dev1/src/tpm2/HierarchyChangeAuth_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/HierarchyCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/HierarchyControl_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Hierarchy_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Import_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/IncrementalSelfTest_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/IntegrityCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/InternalRoutines.h Examining data/libtpms-0.8.0~dev1/src/tpm2/IoBuffers.c Examining data/libtpms-0.8.0~dev1/src/tpm2/IoBuffers_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/KdfTestData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/LibtpmsCallbacks.c Examining data/libtpms-0.8.0~dev1/src/tpm2/LibtpmsCallbacks.h Examining data/libtpms-0.8.0~dev1/src/tpm2/LoadExternal_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Load_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Locality.c Examining data/libtpms-0.8.0~dev1/src/tpm2/LocalityPlat.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Locality_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/MAC_Start_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/MAC_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/MakeCredential_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ManagementCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Manufacture.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Manufacture_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Marshal.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Marshal_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/MathOnByteBuffers.c Examining data/libtpms-0.8.0~dev1/src/tpm2/MathOnByteBuffers_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Memory.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Memory_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/MinMax.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NVCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/NVDynamic_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NVMarshal.c Examining data/libtpms-0.8.0~dev1/src/tpm2/NVMarshal.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NVMem.c Examining data/libtpms-0.8.0~dev1/src/tpm2/NVReserved.c Examining data/libtpms-0.8.0~dev1/src/tpm2/NVReserved_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_Certify_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_ChangeAuth_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_DefineSpace_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_Extend_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_GlobalWriteLock_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_Increment_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_ReadLock_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_ReadPublic_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_Read_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_SetBits_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_UndefineSpaceSpecial_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_UndefineSpace_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_WriteLock_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_Write_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/NV_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/OIDs.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Object.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ObjectChangeAuth_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ObjectCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Object_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Object_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Object_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_Allocate_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_Event_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_Extend_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_Read_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_Reset_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_SetAuthPolicy_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_SetAuthValue_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PCR_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PP.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PPPlat.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PP_Commands_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PP_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PRNG_TestVectors.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Platform.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PlatformACT.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PlatformACT.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PlatformACT_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PlatformClock.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PlatformData.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PlatformData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Platform_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyAuthValue_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyAuthorizeNV_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyAuthorize_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyCommandCode_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyCounterTimer_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyCpHash_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyDuplicationSelect_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyGetDigest_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyLocality_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyNV_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyNameHash_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyNvWritten_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyOR_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyPCR_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyPassword_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyPhysicalPresence_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyRestart_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicySecret_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicySigned_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyTemplate_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PolicyTicket_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Policy_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Policy_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Power.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PowerPlat.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Power_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/PrimeData.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PropertyCap.c Examining data/libtpms-0.8.0~dev1/src/tpm2/PropertyCap_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Quote_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/RSA_Decrypt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/RSA_Encrypt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/RandomCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ReadClock_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ReadPublic_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Response.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ResponseCodeProcessing.c Examining data/libtpms-0.8.0~dev1/src/tpm2/ResponseCodeProcessing_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Response_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Rewrap_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/RsaTestData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/RunCommand.c Examining data/libtpms-0.8.0~dev1/src/tpm2/SelfTest.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SelfTest_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SequenceComplete_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SequenceUpdate_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Session.c Examining data/libtpms-0.8.0~dev1/src/tpm2/SessionCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/SessionProcess.c Examining data/libtpms-0.8.0~dev1/src/tpm2/SessionProcess_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Session_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SetAlgorithmSet_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SetCommandCodeAuditStatus_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SetPrimaryPolicy_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Shutdown_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Sign_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SigningCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Simulator_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/StartAuthSession_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/StartupCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Startup_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/StateMarshal.c Examining data/libtpms-0.8.0~dev1/src/tpm2/StateMarshal.h Examining data/libtpms-0.8.0~dev1/src/tpm2/StirRandom_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SupportLibraryFunctionPrototypes_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SymmetricCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/SymmetricTest.h Examining data/libtpms-0.8.0~dev1/src/tpm2/SymmetricTestData.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TPMB.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TPMCmdp.c Examining data/libtpms-0.8.0~dev1/src/tpm2/TcpServerPosix_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TestParms_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TestingCommands.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Ticket.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Ticket_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Time.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Time_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Tpm.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmAlgorithmDefines.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmAsn1.c Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmAsn1.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmAsn1_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmBuildSwitches.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmError.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmFail.c Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmFail_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmProfile.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmSizeChecks.c Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmSizeChecks_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmTcpProtocol.h Examining data/libtpms-0.8.0~dev1/src/tpm2/TpmTypes.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Unique.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Unmarshal.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Unmarshal_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Unseal_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Utils.h Examining data/libtpms-0.8.0~dev1/src/tpm2/VendorString.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Vendor_TCG_Test.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Vendor_TCG_Test_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/VerifySignature_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/Volatile.c Examining data/libtpms-0.8.0~dev1/src/tpm2/Volatile.h Examining data/libtpms-0.8.0~dev1/src/tpm2/X509.h Examining data/libtpms-0.8.0~dev1/src/tpm2/X509_ECC.c Examining data/libtpms-0.8.0~dev1/src/tpm2/X509_ECC_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/X509_RSA.c Examining data/libtpms-0.8.0~dev1/src/tpm2/X509_RSA_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/X509_spt.c Examining data/libtpms-0.8.0~dev1/src/tpm2/X509_spt_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/ZGen_2Phase_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/_TPM_Hash_Data_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/_TPM_Hash_End_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/_TPM_Hash_Start_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/_TPM_Init_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptCmac_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptDes_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptEcc.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptEccKeyExchange_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptEccMain_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptEccSignature_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptHash.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptHash_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptPrimeSieve_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptPrime_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptRand.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptRand_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptRsa.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptRsa_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptSelfTest_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptSmac_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptSym.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptSym_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptTest.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptUtil_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/BnConvert_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/BnMath_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/BnMemory_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/BnValues.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptCmac.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptDataEcc.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptDes.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptEccKeyExchange.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptEccMain.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptEccSignature.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptHash.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptPrime.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptPrimeSieve.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptSmac.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptSym.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/Helpers.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/Helpers_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/LibSupport.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslDesSupport.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslDesSupport_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslMath.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslMath.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslMath_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslSupport.c Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslSupport_fp.h Examining data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslSym.h Examining data/libtpms-0.8.0~dev1/src/tpm2/swap.h Examining data/libtpms-0.8.0~dev1/src/tpm2/NVDynamic.c Examining data/libtpms-0.8.0~dev1/src/tpm_library.c Examining data/libtpms-0.8.0~dev1/src/tpm_library_conf.h Examining data/libtpms-0.8.0~dev1/src/tpm_library_intern.h Examining data/libtpms-0.8.0~dev1/src/tpm_tpm12_interface.c Examining data/libtpms-0.8.0~dev1/src/tpm_tpm12_tis.c Examining data/libtpms-0.8.0~dev1/src/tpm_tpm2_interface.c Examining data/libtpms-0.8.0~dev1/src/tpm_tpm2_tis.c Examining data/libtpms-0.8.0~dev1/tests/base64decode.c Examining data/libtpms-0.8.0~dev1/tests/freebl_sha1flattensize.c Examining data/libtpms-0.8.0~dev1/tests/fuzz-main.c Examining data/libtpms-0.8.0~dev1/tests/fuzz.cc Examining data/libtpms-0.8.0~dev1/tests/nvram_offsets.c Examining data/libtpms-0.8.0~dev1/tests/tpm2_createprimary.c Examining data/libtpms-0.8.0~dev1/tests/tpm2_pcr_read.c Examining data/libtpms-0.8.0~dev1/tests/tpm2_selftest.c FINAL RESULTS: data/libtpms-0.8.0~dev1/src/compiler.h:43:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format (printf, STRING_IDX, FIRST_TO_CHECK))) data/libtpms-0.8.0~dev1/src/tpm12/tpm_debug.c:46:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/libtpms-0.8.0~dev1/src/tpm12/tpm_debug.h:63:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf swallow_rc = swallow_rc && tpm_swallow_printf_args data/libtpms-0.8.0~dev1/src/tpm12/tpm_debug.h:69:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) TPMLIB_LogPrintf(__VA_ARGS__); data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:138:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(state_directory, tpm_state_path); data/libtpms-0.8.0~dev1/src/tpm_library.c:487:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. n = vsnprintf(buffer, sizeof(buffer), format, args); data/libtpms-0.8.0~dev1/src/tpm12/tpm_maint.c:165:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SIZED_BUFFER random; /* Random data to XOR with result. */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_maint.c:169:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Init(&random); /* freed @1 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_maint.c:325:37: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. returnCode = TPM_SizedBuffer_Set(&random, o1Oaep_size, r1InnerWrapKey); data/libtpms-0.8.0~dev1/src/tpm12/tpm_maint.c:385:52: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. returnCode = TPM_SizedBuffer_Store(response, &random); data/libtpms-0.8.0~dev1/src/tpm12/tpm_maint.c:434:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Delete(&random); /* @1 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:805:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SIZED_BUFFER *random, /* String used for xor encryption */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:851:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rc = TPM_SizedBuffer_Set(random, o1_size, r1); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:949:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SIZED_BUFFER random; /* String used for xor encryption */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:955:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Init(&random); /* freed @3 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1197:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. &random, /* string for XOR encryption */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1237:52: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. returnCode = TPM_SizedBuffer_Store(response, &random); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1305:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Delete(&random); /* @3 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1354:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SIZED_BUFFER random; /* Random value used to hide key data. */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1390:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Init(&random); /* freed @2 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1412:37: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. returnCode = TPM_SizedBuffer_Load(&random, &command, ¶mSize); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1525:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (d1DecryptLength != random.size) { data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1528:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. d1DecryptLength, random.size); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1540:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_XOR(o1Oaep, d1Decrypt, random.buffer, d1DecryptLength); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:1636:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Delete(&random); /* @2 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:2936:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SIZED_BUFFER random; /* String used for xor encryption */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:2946:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Init(&random); /* freed @7 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:3327:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. &random, data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:3345:52: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. returnCode = TPM_SizedBuffer_Store(response, &random); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:3401:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Delete(&random); /* @7 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:3861:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SIZED_BUFFER random; /* Random value used to hide key data. */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:3905:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Init(&random); /* freed @4 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:3942:37: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. returnCode = TPM_SizedBuffer_Load(&random, &command, ¶mSize); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:4048:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (d1DecryptLength != random.size) { data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:4051:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. d1DecryptLength, random.size); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:4063:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_XOR(o1Oaep, d1Decrypt, random.buffer, d1DecryptLength); data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.c:4277:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SizedBuffer_Delete(&random); /* @4 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_migration.h:142:51: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TPM_SIZED_BUFFER *random, data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:121:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tpm_state_path = getenv("TPM_PATH"); data/libtpms-0.8.0~dev1/src/tpm2/Entropy.c:151:6: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)_plat__RealTime() ^ _getpid()); data/libtpms-0.8.0~dev1/src/tpm2/Entropy.c:153:6: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)_plat__RealTime() ^ getpid()); data/libtpms-0.8.0~dev1/src/tpm2/crypto/CryptRand_fp.h:130:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. BYTE *random, // OUT: buffer to receive the random values data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:706:25: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. BYTE *random, // OUT: buffer to receive the random values data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:741:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. MemoryCopy(random, data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:761:24: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. kdf->limit, random, &counter, blocks); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:816:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. EncryptDRBG(random, randomSize, &keySchedule, pDRBG_IV(seed), data/libtpms-0.8.0~dev1/src/tpm12/tpm_audit.c:908:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d1SignInfo.fixed, "ADIG", TPM_SIGN_INFO_FIXED_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_auth.c:122:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_authdata, *stream, TPM_AUTHDATA_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_counter.c:432:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst_tpm_counter_value->label, src_tpm_counter_value->label, TPM_COUNTER_LABEL_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_counter.c:453:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_counter_value->label, label, TPM_COUNTER_LABEL_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:166:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char userKey[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:176:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TPM_RESULT TPM_AES_ctr128_encrypt(unsigned char *data_out, data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:177:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *data_in, data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:180:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ctr[TPM_AES_BLOCK_SIZE]); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2170:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(decrypt_data_pad, decrypt_data, decrypt_length); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2547:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[TPM_AES_BLOCK_SIZE]; /* initial chaining vector */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2569:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(decrypt_data_pad, decrypt_data, decrypt_length); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2607:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[TPM_AES_BLOCK_SIZE]; /* initial chaining vector */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2685:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ctr[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2728:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TPM_RESULT TPM_AES_ctr128_encrypt(unsigned char *data_out, data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2729:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *data_in, data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2732:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ctr[TPM_AES_BLOCK_SIZE]) data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2736:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad_buffer[TPM_AES_BLOCK_SIZE]; /* the XOR pad */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto.c:2795:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:72:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char pHashConst[TPM_DIGEST_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:164:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char userKey[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:628:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char seed[TPM_DIGEST_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:629:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pHash[TPM_DIGEST_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:690:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char seed[TPM_DIGEST_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:901:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(message_der, sha1Oid, sizeof(sha1Oid)); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:903:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(message_der + sizeof(sha1Oid), message, message_size); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:1175:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output + index, input, inputLength); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:1312:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(encodedMessage + encodedMessageLength - messageLength, message, messageLength); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:1375:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outputData, inputData + inputDataLength - *outputDataLength, *outputDataLength); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:1726:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*bin_out) + padBytes - bin_in_length, /* start copy after padding */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2214:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[TPM_AES_BLOCK_SIZE]; /* initial chaining vector */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2260:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(decrypt_data_pad, decrypt_data, decrypt_length); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2281:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dummy_key[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2282:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dummy_ivec[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2319:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec[TPM_AES_BLOCK_SIZE]; /* initial chaining vector */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2402:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dummy_key[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2403:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dummy_ivec[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2441:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ctr[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2442:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad_buffer[TPM_AES_BLOCK_SIZE]; /* the XOR pad */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2525:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dummy_key[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2559:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ivec_loop[TPM_AES_BLOCK_SIZE]; /* ivec input to loop */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2560:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad_buffer[TPM_AES_BLOCK_SIZE]; /* the XOR pad */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2633:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ivec_loop, pad_buffer, TPM_AES_BLOCK_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_crypto_freebl.c:2638:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dummy_key[TPM_AES_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:1091:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ipad[TPM_HMAC_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:1092:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char opad[TPM_HMAC_BLOCK_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:1297:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char counter[4]; /* 4 octets */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:1318:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(counter, &count_n, 4); data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:1337:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mask + outLen, lastDigest, maskLen - outLen); data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:1390:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seedBuffer, vaBuffer, vaLength); data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2103:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(db, pHash, TPM_DIGEST_SIZE); /* pHash */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2111:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(db + emLen - fLen - TPM_DIGEST_SIZE, from, fLen); /* M */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2232:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pHash, db, TPM_DIGEST_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2265:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to, db + i, *tLen); data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2328:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data2[50]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2332:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pHash_in[TPM_DIGEST_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2333:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pHash_out[TPM_DIGEST_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2334:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char seed_in[TPM_DIGEST_SIZE] = {0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2337:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char seed_out[TPM_DIGEST_SIZE]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2338:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char oaep_in[8] = {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07}; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2339:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char oaep_pad[256]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2340:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char oaep_out[8]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2345:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char clrStream[64]; /* expected */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2363:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char encrypt_data[2048/8]; /* encrypted data */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_cryptoh.c:2992:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_sign_info.fixed, "SIGN", TPM_SIGN_INFO_FIXED_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c:705:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_daa_issuer->DAA_generic_q, src_daa_issuer->DAA_generic_q, data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c:992:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_daa_context->DAA_scratch, src_daa_context->DAA_scratch, data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c:1109:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_daa_joindata->DAA_join_u0, src_daa_joindata->DAA_join_u0, data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c:1111:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_daa_joindata->DAA_join_u1, src_daa_joindata->DAA_join_u1, data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c:1450:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_daa_session_data->DAA_session.DAA_scratch, data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c:1508:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_daa_session_data->DAA_session.DAA_scratch, data/libtpms-0.8.0~dev1/src/tpm12/tpm_daa.c:4684:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*out + outSize - inSize, in, inSize); /* copy right bytes */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_digest.c:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(destination, source, TPM_DIGEST_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_load.c:218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, *stream, data_length); data/libtpms-0.8.0~dev1/src/tpm12/tpm_nonce.c:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(destination, source, TPM_NONCE_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:93:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_directory[FILENAME_MAX]; data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; /* rooted file name from name */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:198:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "rb"); /* closed @1 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; /* rooted file name from name */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:310:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, "wb"); /* closed @1 */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:388:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FILENAME_MAX]; /* rooted file name from name */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvram.c:2329:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((d1NvdataSensitive->data) + offset, data.buffer, data.size); data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvram.c:2364:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_state->tpm_permanent_data.authDIR, data.buffer, TPM_DIGEST_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvram.c:2713:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((d1NvdataSensitive->data) + offset, data.buffer, data.size); data/libtpms-0.8.0~dev1/src/tpm12/tpm_pcr.c:2325:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tpm_quote_info->fixed), "QUOT", 4); data/libtpms-0.8.0~dev1/src/tpm12/tpm_pcr.c:2438:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_quote_info2->fixed, "QUT2", 4); data/libtpms-0.8.0~dev1/src/tpm12/tpm_process.c:192:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tpm_cap_version_info->tpmVendorID), TPM_VENDOR_ID, data/libtpms-0.8.0~dev1/src/tpm12/tpm_process.c:208:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(tpm_cap_version_info->tpmVendorID), TPM_VENDOR_ID, data/libtpms-0.8.0~dev1/src/tpm12/tpm_secret.c:120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(destination, source, TPM_SECRET_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_session.c:3267:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b1ContextBlob.label, label, TPM_CONTEXT_LABEL_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_sizedbuffer.c:122:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_sized_buffer->buffer, data, size); data/libtpms-0.8.0~dev1/src/tpm12/tpm_sizedbuffer.c:305:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_sized_buffer->buffer + tpm_sized_buffer->size, /* append at end */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_storage.c:140:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tpm_bound_data->payloadData, *stream, tpm_bound_data->payloadDataSize); data/libtpms-0.8.0~dev1/src/tpm12/tpm_store.c:261:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbuffer->buffer_current, data, data_length); data/libtpms-0.8.0~dev1/src/tpm12/tpm_store.c:457:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbuffer->buffer + paramSizeOffset, &nParamSize, sizeof(uint32_t)); data/libtpms-0.8.0~dev1/src/tpm12/tpm_store.c:497:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[256]; /* dummy data */ data/libtpms-0.8.0~dev1/src/tpm12/tpm_ticks.c:813:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h1SignInfo.fixed, "TSTP", TPM_SIGN_INFO_FIXED_SIZE); data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c:92:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, index); data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, size - index - len); data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c:141:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, index); data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c:159:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, size - index - len); data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c:2081:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(decryptCmd, wrappedCmd.buffer, wrappedCmd.size); data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c:2454:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(encryptRsp, wrappedRspStream ,wrappedRspStreamSize); data/libtpms-0.8.0~dev1/src/tpm12/tpm_transport.c:2817:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(h1SignInfo.fixed, "TRAN", TPM_SIGN_INFO_FIXED_SIZE); data/libtpms-0.8.0~dev1/src/tpm2/AlgorithmTests.c:430:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); data/libtpms-0.8.0~dev1/src/tpm2/AlgorithmTests.c:477:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); data/libtpms-0.8.0~dev1/src/tpm2/AlgorithmTests.c:539:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(testDigest.t.buffer, (BYTE *)c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); data/libtpms-0.8.0~dev1/src/tpm2/DebugHelpers.c:88:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, mode); data/libtpms-0.8.0~dev1/src/tpm2/DebugHelpers.c:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timeString[100]; data/libtpms-0.8.0~dev1/src/tpm2/Entropy.c:179:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entropy, &rndNum, ret); data/libtpms-0.8.0~dev1/src/tpm2/Marshal.c:163:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buffer, sourceBuffer, sourceSize); data/libtpms-0.8.0~dev1/src/tpm2/NVMarshal.c:76:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char assertion_failed_nvram[ data/libtpms-0.8.0~dev1/src/tpm2/NVMem.c:116:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s_NvFile = fopen(s_NvFilePath, mode); data/libtpms-0.8.0~dev1/src/tpm2/NVMem.c:355:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &s_NV[startOffset], size); // Copy data from RAM data/libtpms-0.8.0~dev1/src/tpm2/NVMem.c:389:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s_NV[startOffset], data, size); // Copy the data to the NV image data/libtpms-0.8.0~dev1/src/tpm2/PlatformData.h:127:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXTERN unsigned char s_NV[NV_MEMORY_SIZE]; data/libtpms-0.8.0~dev1/src/tpm2/TpmFail.c:262:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s_failFunction, function, sizeof(uint32_t)); data/libtpms-0.8.0~dev1/src/tpm2/Unmarshal.c:120:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(targetBuffer, *buffer, targetSize); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptHash.c:278:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&outBuf[offsetof(HASH_STATE,value)], &internalFmt->value, \ data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptHash.c:286:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outBuf, internalFmt, sizeof(HASH_STATE)); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptHash.c:294:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&outBuf[offsetof(HMAC_STATE, hmacKey)], &from->hmacKey, data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptHash.c:325:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(internalFmt, inBuf, sizeof(HASH_STATE)); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptHash.c:365:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dOut, &temp, dOutSize); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptHash.c:549:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->hmacKey.t.buffer, key, keySize); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptPrimeSieve.c:286:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pField, seedValues, sizeof(seedValues)); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptPrimeSieve.c:289:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pField, seedValues, i); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptPrimeSieve.c:473:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char a[256]; data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptPrimeSieve.c:479:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(a, "{%d, %d, %d}", i[0], i[1], i[2]); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:142:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dfState->iv[0], init, 8); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:161:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dfState->buf.bytes[dfState->contents], data, toFill); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:211:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, &dfState.iv[0], sizeof(DRBG_SEED)); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:243:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entropy, DRBG_NistTestVector_Entropy, data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:341:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dOut, temp, dOutBytes); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRand.c:463:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seed.bytes, DRBG_NistTestVector_EntropyReseed, sizeof(seed)); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:323:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pp[hLen + padLen], message->buffer, message->size); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:418:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dataOut->buffer, pm, i); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:441:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&padded->buffer[padded->size - message->size], message->buffer, data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:489:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(message->buffer, &coded->buffer[pSize], coded->size - pSize); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:955:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cOut->t.buffer[cOut->t.size - dSize], &dIn->buffer[i], dSize); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:1332:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&scratch.t.buffer[scratch.t.size - dSize], &dIn->buffer[i], dSize); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:1358:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, label->buffer, label->size); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptRsa.c:1444:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, label->buffer, label->size); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptSym.c:601:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dOut, pOut, outlen1 + outlen2); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/CryptSym.c:699:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dOut, pOut, outlen1 + outlen2); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/Helpers.c:112:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyToUse, key, keySizeInBytes); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/Helpers.c:157:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&keyToUse[16], &keyToUse[0], 8); data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:156:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateCopy_SHA1 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:157:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateExport_SHA1 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:158:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateImport_SHA1 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:162:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateCopy_SHA256 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:163:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateExport_SHA256 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:164:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateImport_SHA256 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:168:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateCopy_SHA384 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:169:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateExport_SHA384 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:170:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateImport_SHA384 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:174:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateCopy_SHA512 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:175:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateExport_SHA512 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:176:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateImport_SHA512 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:180:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateCopy_SM3_256 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:181:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateExport_SM3_256 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslHash.h:182:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define tpmHashStateImport_SM3_256 memcpy data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslMath.c:108:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[LARGEST_NUMBER + 1]; // libtpms added data/libtpms-0.8.0~dev1/src/tpm2/crypto/openssl/TpmToOsslMath.c:144:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[LARGEST_NUMBER + 1]; data/libtpms-0.8.0~dev1/src/tpm_library.c:280:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&libtpms_cbs, callbacks, max_size); data/libtpms-0.8.0~dev1/src/tpm_library.c:480:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/libtpms-0.8.0~dev1/src/tpm_library.c:524:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spaces[20]; data/libtpms-0.8.0~dev1/src/tpm_library.c:560:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[80]; data/libtpms-0.8.0~dev1/src/tpm_library.c:635:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buffer, cached_blobs[st].buffer, *buflen); data/libtpms-0.8.0~dev1/src/tpm_tpm12_interface.c:462:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stream, buffer, buflen); data/libtpms-0.8.0~dev1/src/tpm_tpm2_interface.c:223:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*respbuffer, resp.Buffer, resp.BufferSize); data/libtpms-0.8.0~dev1/src/tpm_tpm2_interface.c:457:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bak_NV[NV_MEMORY_SIZE]; data/libtpms-0.8.0~dev1/src/tpm_tpm2_interface.c:594:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stream, buffer, buflen); data/libtpms-0.8.0~dev1/tests/base64decode.c:14:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(name, "rb"); data/libtpms-0.8.0~dev1/tests/fuzz-main.c:16:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(name, "rb"); data/libtpms-0.8.0~dev1/src/tpm12/tpm_nvfile.c:130:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(tpm_state_path); data/libtpms-0.8.0~dev1/src/tpm2/BnConvert.c:147:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (unsigned)strlen(hex); data/libtpms-0.8.0~dev1/src/tpm2/Memory.c:109:2: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal |= (*b1++ ^ *b2++); data/libtpms-0.8.0~dev1/src/tpm_library.c:308:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bmem = BIO_new_mem_buf(input, strlen(input)); data/libtpms-0.8.0~dev1/src/tpm_library.c:423:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start += strlen(starttag); ANALYSIS SUMMARY: Hits = 224 Lines analyzed = 181934 in approximately 5.53 seconds (32925 lines/second) Physical Source Lines of Code (SLOC) = 112842 Hits@level = [0] 3157 [1] 5 [2] 173 [3] 40 [4] 6 [5] 0 Hits@level+ = [0+] 3381 [1+] 224 [2+] 219 [3+] 46 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 29.9622 [1+] 1.98508 [2+] 1.94077 [3+] 0.40765 [4+] 0.0531717 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.