Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_connect.c
Examining data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_fragment.c
Examining data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_listen.c
Examining data/libusrsctp-0.9.3.0+20201102/fuzzer/pcap2corpus.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/chargen_server_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/client.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/daytime_server.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/daytime_server_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/discard_server.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/discard_server_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/echo_server.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/echo_server_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/ekr_client.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/ekr_server.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/http_client.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.h
Examining data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/st_client.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/test_libmgmt.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/test_timer.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c
Examining data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_bsd_addr.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_bsd_addr.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_callout.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_callout.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_cc_functions.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_constants.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_crc32.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_crc32.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_header.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_lock_userspace.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_peeloff.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_peeloff.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sha1.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sha1.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_ss_functions.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_structs.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sysctl.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sysctl.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_timer.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_timer.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_uio.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_userspace.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_var.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet6/sctp6_usrreq.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet6/sctp6_var.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_atomic.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_environment.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_environment.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_inpcb.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_ip6_var.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_ip_icmp.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_malloc.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_queue.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_route.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socketvar.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_uma.h
Examining data/libusrsctp-0.9.3.0+20201102/usrsctplib/usrsctp.h
FINAL RESULTS:
data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c:97:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (vsnprintf(charbuf, 1024, format, ap) < 0) {
data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c:126:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (vsnprintf(charbuf, 1024, format, ap) < 0) {
data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c:156:6: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (vsnprintf(charbuf, 1024, format, ap) < 0) {
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h:228:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(data, __VA_ARGS__) < 0 ) { \
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h:809:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(data, __VA_ARGS__) < 0) { \
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3211:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(dump_buf, PREAMBLE_LENGTH + 1, PREAMBLE_FORMAT,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3229:6: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (snprintf(dump_buf, PREAMBLE_LENGTH + 1, PREAMBLE_FORMAT,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3240:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dump_buf + pos, HEADER);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3257:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dump_buf + pos, TRAILER);
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:169:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(pc->mutex));
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:199:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(pc->mutex));
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:463:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "a:cd:DE:f:l:L:n:p:P:R:S:t:T:uU:vV")) != -1)
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:431:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "a:DE:f:Hl:L:n:p:R:S:T:uU:vV")) != -1)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:811:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (authinfo->random != NULL)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:812:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sctp_free_key(authinfo->random);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1503:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (stcb->asoc.authinfo.random != NULL)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1504:37: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sctp_free_key(stcb->asoc.authinfo.random);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1555:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sctp_compute_hashkey(stcb->asoc.authinfo.random,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1700:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sctp_compute_hashkey(stcb->asoc.authinfo.random,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2013:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (stcb->asoc.authinfo.random != NULL)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2014:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sctp_free_key(stcb->asoc.authinfo.random);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.h:92:14: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
sctp_key_t *random; /* local random key (concatenated) */
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_callout.h:57:37: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define SCTP_TIMERQ_LOCK() EnterCriticalSection(&SCTP_BASE_VAR(timer_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_callout.h:59:37: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
#define SCTP_TIMERQ_LOCK_INIT() InitializeCriticalSection(&SCTP_BASE_VAR(timer_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h:298:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() rand()
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h:299:9: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(s) srand(s)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h:299:20: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define srandom(s) srand(s)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:5212:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (stcb->asoc.authinfo.random != NULL) {
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:122:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&SCTP_BASE_INFO(wq_addr_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:126:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&SCTP_BASE_INFO(wq_addr_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:132:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&SCTP_BASE_INFO(ipi_ep_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:136:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&SCTP_BASE_INFO(ipi_ep_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:140:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&SCTP_BASE_INFO(ipi_ep_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:147:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&SCTP_BASE_INFO(ipi_pktlog_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:151:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&SCTP_BASE_INFO(ipi_pktlog_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:161:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(_inp)->inp_rdata_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:165:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_inp)->inp_rdata_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:170:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(_inp)->inp_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:177:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_inp)->inp_mtx); \
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:182:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_inp)->inp_mtx); \
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:186:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_inp)->inp_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:188:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_inp)->inp_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:194:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(_tcb)->tcb_send_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:198:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_tcb)->tcb_send_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:206:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(_inp)->inp_create_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:213:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_inp)->inp_create_mtx); \
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:217:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_inp)->inp_create_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:236:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(_tcb)->tcb_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:243:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_tcb)->tcb_mtx); \
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:247:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_tcb)->tcb_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:500:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(_so_buf)->sb_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:535:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&SCTP_BASE_INFO(ipi_addr_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:539:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&SCTP_BASE_INFO(ipi_addr_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:543:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&SCTP_BASE_INFO(ipi_addr_mtx))
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:552:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&sctp_it_ctl.it_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:556:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&sctp_it_ctl.it_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:561:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&sctp_it_ctl.ipi_iterator_wq_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_process_lock.h:565:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&sctp_it_ctl.ipi_iterator_wq_mtx)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_userspace.c:359:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(cv->waiters_count_lock));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_userspace.c:377:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cv->waiters_count_lock);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_userspace.c:385:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cv->waiters_count_lock);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_userspace.c:391:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (mtx);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_userspace.c:399:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cv->waiters_count_lock);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_atomic.h:178:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&atomic_mtx);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_atomic.h:184:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&atomic_mtx);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:92:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&accept_mtx);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socketvar.h:245:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&accept_mtx); \
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socketvar.h:277:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(SOCKBUF_MTX(_sb))
data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_connect.c:436:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz_packet_buffer, fuzz_common_header, COMMON_HEADER_SIZE); // common header
data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_connect.c:437:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz_packet_buffer + COMMON_HEADER_SIZE, data + 1, data_size - 1);
data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_fragment.c:334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz_packet_buffer, data_common_headr, COMMON_HEADER_SIZE); // common header
data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_fragment.c:335:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fuzz_packet_buffer + COMMON_HEADER_SIZE, data+fuzz_data_count, data_chunk_size);
data/libusrsctp-0.9.3.0+20201102/fuzzer/pcap2corpus.c:161:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "w");
data/libusrsctp-0.9.3.0+20201102/fuzzer/pcap2corpus.c:193:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c, argv[i], arg_len);
data/libusrsctp-0.9.3.0+20201102/fuzzer/pcap2corpus.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[PCAP_ERRBUF_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/chargen_server_upcall.c:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[95];
data/libusrsctp-0.9.3.0+20201102/programs/chargen_server_upcall.c:162:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/chargen_server_upcall.c:192:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/client.c:101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libusrsctp-0.9.3.0+20201102/programs/client.c:110:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[4]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/client.c:138:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr6.sin6_port = htons(atoi(argv[3]));
data/libusrsctp-0.9.3.0+20201102/programs/client.c:147:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[5]));
data/libusrsctp-0.9.3.0+20201102/programs/client.c:162:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr4.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/client.c:163:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr6.sin6_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/client.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/client.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/client.c:236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/client.c:250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:145:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[4]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:168:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr6.sin6_port = htons(atoi(argv[3]));
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:179:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[5]));
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:197:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr4.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:198:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr6.sin6_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server.c:73:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server.c:89:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server_upcall.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server_upcall.c:96:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server_upcall.c:113:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/discard_server.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/discard_server.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/discard_server.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/discard_server.c:144:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/discard_server.c:173:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/discard_server_upcall.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/discard_server_upcall.c:97:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr4, (struct sockaddr_in *)&addr, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/programs/discard_server_upcall.c:106:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr6, (struct sockaddr_in6 *)&addr, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/programs/discard_server_upcall.c:158:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/discard_server_upcall.c:188:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/echo_server.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/echo_server.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/echo_server.c:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/echo_server.c:159:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/echo_server.c:188:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/echo_server_upcall.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/echo_server_upcall.c:99:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr4, (struct sockaddr_in *)&addr, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/programs/echo_server_upcall.c:108:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr6, (struct sockaddr_in6 *)&addr, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/programs/echo_server_upcall.c:175:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/echo_server_upcall.c:205:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_client.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PACKET_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_client.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_client.c:207:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_client.c:228:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[4]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PACKET_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:207:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:221:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:270:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:284:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:356:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
client_port = atoi(argv[1]);
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:360:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
server_port = atoi(argv[2]);
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop.c:364:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
crc32c_offloading = atoi(argv[3]);
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PACKET_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:237:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:251:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:300:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:314:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:391:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen("ekr_loop_upcall.log", "a+");
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:400:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
client_port = atoi(argv[1]);
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:404:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
server_port = atoi(argv[2]);
data/libusrsctp-0.9.3.0+20201102/programs/ekr_loop_upcall.c:408:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
crc32c_offloading = atoi(argv[3]);
data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PACKET_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LINE_LENGTH];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c:202:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c:223:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[4]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c:276:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sconn.sconn_port = htons(atoi(argv[5]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c:286:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sconn.sconn_port = htons(atoi(argv[6]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_server.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PACKET_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/ekr_server.c:205:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/ekr_server.c:226:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[4]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request[512];
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:144:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr4.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:154:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr6.sin6_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:162:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[4]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:219:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bind4.sin_port = htons(atoi(argv[3]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:234:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bind6.sin6_port = htons(atoi(argv[3]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:248:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[5]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:70:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request[512];
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:172:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr4.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:182:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr6.sin6_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:190:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[4]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:239:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bind4.sin_port = htons(atoi(argv[3]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:254:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bind6.sin6_port = htons(atoi(argv[3]));
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:268:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[5]));
data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf[1024];
data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf[1024];
data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char charbuf[1024];
data/libusrsctp-0.9.3.0+20201102/programs/programs_helper.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:917:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1316:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[LINE_LENGTH + 1];
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1336:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
usrsctp_init(atoi(argv[1]), NULL, debug_printf_stack);
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1353:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encaps.sue_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1398:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr.sin_port = htons(atoi(argv[4]));
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1414:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr.sin_port = htons(atoi(argv[3]));
data/libusrsctp-0.9.3.0+20201102/programs/st_client.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PACKET_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/st_client.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/st_client.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/libusrsctp-0.9.3.0+20201102/programs/st_client.c:307:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[2]));
data/libusrsctp-0.9.3.0+20201102/programs/st_client.c:328:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sin.sin_port = htons(atoi(argv[4]));
data/libusrsctp-0.9.3.0+20201102/programs/st_client.c:376:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sconn.sconn_port = htons(atoi(argv[5]));
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:466:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ind.ssb_adaptation_ind = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:472:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
round_duration = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:478:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:481:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_messages = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:484:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:487:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
policy = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:490:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_udp_port = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:493:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fragpoint = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:501:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rcvbufsize = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:504:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sndbufsize = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:507:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timetolive = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:510:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
runtime = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:517:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remote_udp_port = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:540:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ind.ssb_adaptation_ind = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:551:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
length = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:559:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:567:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
policy = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:575:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_messages = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:583:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fragpoint = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:599:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remote_udp_port = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:607:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_udp_port = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:615:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rcvbufsize = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:623:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sndbufsize = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:631:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timetolive = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:639:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
runtime = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp.c:775:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:163:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char output[200];
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[INET_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:434:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ind.ssb_adaptation_ind = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:440:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_udp_port = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:443:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fragpoint = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:449:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_message_length = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:458:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_messages = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:461:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_port = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:464:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rcvbufsize = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:467:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sndbufsize = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:470:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_runtime = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:477:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remote_udp_port = atoi(optarg);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:500:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ind.ssb_adaptation_ind = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:511:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_udp_port = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:519:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fragpoint = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:530:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_message_length = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:546:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_messages = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:554:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_port = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:562:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rcvbufsize = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:570:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sndbufsize = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:578:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
par_runtime = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/programs/tsctp_upcall.c:590:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remote_udp_port = atoi(opt);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:144:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlv, error_tlv, tlv_length);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin6->sin6_addr, v6addr->addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:529:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t)&sin6->sin6_addr, v6addr->addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:1323:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:1338:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aa->ap.addrp.addr, &sin->sin_addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:1538:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aa->ap.addrp.addr, &sin6->sin6_addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:1552:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aa->ap.addrp.addr, &sin->sin_addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:1736:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:2690:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lookup->addr, &aa->ap.addrp.addr, addr_size);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:2695:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &aa->ap, p_length);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:2764:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lookup->addr, addr_ptr, addr_size);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:2844:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sin6.sin6_addr, a6p->addr, sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_asconf.c:2997:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin6_tmp, sin6,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_list, list, sizeof(*new_list));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:342:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key->key, key, keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:431:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_ptr, shared->key, shared->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:435:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_ptr, key1->key, key1->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:439:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_ptr, key2->key, key2->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:444:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_ptr, shared->key, shared->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:448:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_ptr, key2->key, key2->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:452:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_ptr, key1->key, key1->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:770:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &hmac_id, sizeof(hmac_id));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:973:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipad, key, keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:974:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opad, key, keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1033:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipad, key, keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1034:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opad, key, keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->key, temp, key->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1142:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->key, temp, key->keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1487:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key->key, p_random, keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1493:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key->key + keylen, chunks,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1499:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key->key + keylen, hmacs,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:1718:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, auth->hmac, digestlen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2083:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "Hi There");
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2098:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(key, "Jefe");
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2100:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "what do ya want for nothing?");
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2132:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19", keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2152:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "Test With Truncation");
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2169:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "Test Using Larger Than Block-Size Key - Hash Key First");
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_auth.c:2186:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data");
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_bsd_addr.c:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SCTP_IFNAMSIZ];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_bsd_addr.c:981:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)lenat, (void *)SCTP_BASE_VAR(packet_log_buffer), this_copy);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_header.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SCTP_ARRAY_MIN_LEN]; /* host name */
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_header.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[SCTP_ADDRMAX];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:294:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outinfo, sinfo, sizeof(struct sctp_extrcvinfo));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:1712:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:2721:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, from, SCTP_BUF_LEN((*mm)));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:2756:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:2767:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:2790:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:2859:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:2878:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:3999:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:4547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_indata.c:5596:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:655:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sin6.sin6_addr, cp->heartbeat.hb_info.address, sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:669:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sconn.sconn_addr, cp->heartbeat.hb_info.address, sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:2409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sin6.sin6_addr, cookie->laddress, sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:2420:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sconn.sconn_addr, cookie->laddress, sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:2620:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->address, &sconnp->sconn_addr , sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:2627:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->laddress, &sconnp->sconn_addr , sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:2840:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sconn.sconn_addr, cookie->address, sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:3277:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bkup, cp, sizeof(struct old_sctp_ecne_chunk));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:4197:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&liste->list_of_streams, req->list_of_streams, number_entries * sizeof(uint16_t));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:4621:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(desc.data_bytes, data_chunk + 1, SCTP_NUM_DB_TO_VERIFY);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:4645:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(desc.data_bytes, idata_chunk + 1, SCTP_NUM_DB_TO_VERIFY);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:4736:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_input.c:5752:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h:219:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(srcKey, dstKey, len) memcpy(dstKey, srcKey, len)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_os_userspace.h:219:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bcopy(srcKey, dstKey, len) memcpy(dstKey, srcKey, len)
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:2848:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin6, &ro->ro_dst, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:2895:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lsa6, &sifa->address.sin6, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:3979:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stc, stc_in, sizeof(struct sctp_state_cookie));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:4253:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ro->ro_dst, to, to->sa_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:4255:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ro->ro_dst, to, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:4372:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iproute, ro, sizeof(*ro));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:4598:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ro->ro_dst, sin6, sin6->sin6_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:4600:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ro->ro_dst, sin6, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:5223:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(randp, stcb->asoc.authinfo.random->key, parameter_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:5847:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6003:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.address, &src6->sin6_addr, sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6171:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.laddress, &dst6->sin6_addr, sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6184:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.address, &srcconn->sconn_addr, sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6191:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.laddress, &dstconn->sconn_addr, sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6267:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.address, &sin6->sin6_addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6287:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.laddress, &net->ro._s_addr->address.sin6.sin6_addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6299:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.address, &sconn->sconn_addr, sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6305:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&stc.laddress, &sconn->sconn_addr, sizeof(void *));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:7250:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:7396:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ca->sndrcv, srcv, sizeof(struct sctp_nonpad_sndrcvinfo));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:10125:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:12105:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hb->heartbeat.hb_info.address,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:12112:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hb->heartbeat.hb_info.address,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:12119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hb->heartbeat.hb_info.address,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:14619:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:14901:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gw6.sin6_addr, &pfxrtr->router->rtaddr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:113:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_a, a, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp_b, b, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:668:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sctp_ifap->address, addr, addr->sa_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:673:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:678:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:683:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sctp_ifap->address, addr, sizeof(struct sockaddr_conn));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:2422:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin4.sin_addr, &p4->addr, sizeof(p4->addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:2443:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin6.sin6_addr, &p6->addr, sizeof(p6->addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:2681:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin6->sin6_addr, &p6->addr, sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:2710:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sin->sin_addr, &p4->addr, sizeof(struct in_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:3060:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_inp->sctp_ep.secret_key, old_inp->sctp_ep.secret_key,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:3678:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sin, addr, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:3684:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sin6, addr, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:3690:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&store.sconn, addr, sizeof(struct sockaddr_conn));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:4448:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&net->ro._l_addr, newaddr, newaddr->sa_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:4454:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:4462:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:4470:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&net->ro._l_addr, newaddr, sizeof(struct sockaddr_conn));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:7177:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:7215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t)&sin6.sin6_addr, p6->addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:7271:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[SCTP_DIAG_INFO_LEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:7356:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sin6.sin6_addr.s6_addr,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:7607:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key->key, p_random, keylen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:7613:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key->key + keylen, chunks,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.c:7619:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_key->key + keylen, hmacs,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifn_name[SCTP_IFNAMSIZ];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_pcb.h:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char align[(sizeof(struct inpcb) + SCTP_ALIGNM1) &
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sha1.c:207:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->sha_block[ctx->how_many_in_block],
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sha1.c:214:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ctx->sha_block[ctx->how_many_in_block],
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sha1.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sha_block[64];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sysctl.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&xladdr.address, (const void *)&sctp_ifa->address, sizeof(union sctp_sockstore));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sysctl.c:399:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&xladdr.address, (const void *)&laddr->ifa->address, sizeof(union sctp_sockstore));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sysctl.c:1003:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sarry, &sb_temp, sizeof(struct sctpstat));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_sysctl.c:1013:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&SCTP_BASE_STATS, &sb_temp, sizeof(struct sctpstat));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:1412:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, src->sa_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:1417:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:1422:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:1427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(struct sockaddr_conn));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:1591:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, sin, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:1661:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, sin6, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:1676:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &sctp_ifa->address.sconn, sizeof(struct sockaddr_conn));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:2532:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vrf_ids, inp->m_vrf_ids, siz_needed);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:2865:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &net->ro._l_addr, cpsz);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:2868:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &net->ro._l_addr, cpsz);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3244:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sstat->sstat_primary.spinfo_address,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3251:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sstat->sstat_primary.spinfo_address,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3258:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sstat->sstat_primary.spinfo_address,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3265:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sstat->sstat_primary.spinfo_address,
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3419:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s_info, &stcb->asoc.def_send, sizeof(stcb->asoc.def_send));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3427:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s_info, &inp->def_send, sizeof(inp->def_send));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3473:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ssp->ssp_addr, &addr->sin, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3476:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ssp->ssp_addr, &addr->sin, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3482:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ssp->ssp_addr, &addr->sin6, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:3487:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ssp->ssp_addr, &addr->sconn, sizeof(struct sockaddr_conn));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_usrreq.c:4981:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tarray, inp->m_vrf_ids, (sizeof(uint32_t) * inp->vrf_size));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:1472:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_array1, asoc->mapping_array, asoc->mapping_array_size);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:1473:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_array2, asoc->nr_mapping_array, asoc->mapping_array_size);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:3176:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, mtod(m, caddr_t) + off, count);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:3327:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sac->sac_info, abort, abort_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:3436:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:3439:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:3449:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:3473:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&spc->spc_aaddr, sa, sizeof(struct sockaddr_conn));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:4202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sre->sre_data, chunk, chunk_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:5011:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip6buf[INET6_ADDRSTRLEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:5441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cause->info, info, info_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:6565:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(from, &store, min((size_t)fromlen, len));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet6/sctp6_usrreq.c:1550:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &sin6, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet6/sctp6_usrreq.c:1613:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(addr, &sin6, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_environment.c:130:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)buf + position, &randval, remaining);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_environment.c:151:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_ip_icmp.h:130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_data[1];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_malloc.h:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mth_name[MALLOC_MAX_NAME];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtod(m, caddr_t) + m->m_len,mtod(n, caddr_t), (u_int)count);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1036:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( mtod(n->m_next, caddr_t), mtod(n, caddr_t) + off,hlen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1058:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtod(o, caddr_t), mtod(n, caddr_t) + off, hlen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1170:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtod(n, caddr_t), mtod(m, caddr_t) + off, (u_int)n->m_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1236:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + 1, t + 1, t->m_tag_len); /* Copy the data */
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1292:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(off + mtod(m, caddr_t), cp, (u_int)mlen);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1368:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, mtod(m, caddr_t) + off, count);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtod(m, caddr_t) + m->m_len, mtod(n, caddr_t), (u_int)n->m_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1538:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtod(n, caddr_t), mtod(m, caddr_t) + len, remain);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.c:1559:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer+offset, mtod(mb, caddr_t), count_to_copy);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.h:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MH_databuf[MHLEN];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_mbuf.h:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char M_databuf[MLEN]; /* !M_PKTHDR, !M_EXT */
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rt_buffer[1024];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:239:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sa->sin_addr, inp, sizeof(struct in_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:248:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sa6->sin6_addr, inp, sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof (struct in6_pktinfo))];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ControlBuffer[1024];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:578:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&dst.sin6_addr, (const void *) &(info->ipi6_addr), sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(struct in_pktinfo))];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof(struct in_addr))];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:672:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ControlBuffer[1024];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:782:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&dst.sin_addr, (const void *)&(info->ipi_addr), sizeof(struct in_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:794:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&dst.sin_addr, (const void *)addr, sizeof(struct in_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:871:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsgbuf[CMSG_SPACE(sizeof (struct in6_pktinfo))];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:881:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ControlBuffer[1024];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_recv_thread.c:995:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&dst.sin6_addr, (const void *)&(info->ipi6_addr), sizeof(struct in6_addr));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:565:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:571:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:646:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iov->iov_base, cp, cnt);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:648:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, iov->iov_base, cnt);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:704:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t)&sp.spinfo_address, sa, sa->sa_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:724:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t)&sp.spinfo_address, sa, sa_len);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:2599:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SCTP_STACK_BUF_SIZE];
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:2630:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpto, at, sizeof(struct sockaddr_in));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:2658:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpto, at, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:2667:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpto, at, sizeof(struct sockaddr_in6));
data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_connect.c:391:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usrsctp_sendv(socket_client, sendbuffer, strlen(sendbuffer), NULL, 0, NULL, 0, SCTP_SENDV_NOINFO, 0);
data/libusrsctp-0.9.3.0+20201102/fuzzer/fuzzer_connect.c:431:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usrsctp_sendv(socket_client, sendbuffer, strlen(sendbuffer), NULL, 0, NULL, 0, SCTP_SENDV_NOINFO, 0);
data/libusrsctp-0.9.3.0+20201102/fuzzer/pcap2corpus.c:184:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(argv[i]) + 1;
data/libusrsctp-0.9.3.0+20201102/fuzzer/pcap2corpus.c:192:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arg_len = strlen(argv[i]);
data/libusrsctp-0.9.3.0+20201102/programs/chargen_server_upcall.c:139:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (usrsctp_sendv(upcall_socket, buffer, strlen(buffer), NULL, 0, &snd_info, (socklen_t)sizeof(struct sctp_sndinfo), SCTP_SENDV_SNDINFO, 0) < 0) {
data/libusrsctp-0.9.3.0+20201102/programs/client.c:272:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usrsctp_sendv(sock, buffer, strlen(buffer), NULL, 0, NULL, 0, SCTP_SENDV_NOINFO, 0);
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:311:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(buffer)] = '\0';
data/libusrsctp-0.9.3.0+20201102/programs/client_upcall.c:312:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usrsctp_sendv(sock, buffer, strlen(buffer), NULL, 0, NULL, 0, SCTP_SENDV_NOINFO, 0);
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server.c:125:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (usrsctp_sendv(conn_sock, buffer, strlen(buffer), NULL, 0, (void *)&sndinfo,
data/libusrsctp-0.9.3.0+20201102/programs/daytime_server_upcall.c:83:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
usrsctp_sendv(conn_sock, buffer, strlen(buffer), NULL, 0, (void *)&sndinfo,
data/libusrsctp-0.9.3.0+20201102/programs/ekr_peer.c:314:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (usrsctp_sendv(s, line, strlen(line), NULL, 0, (void *)&sndinfo,
data/libusrsctp-0.9.3.0+20201102/programs/http_client.c:295:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (usrsctp_sendv(sock, request, strlen(request), NULL, 0, &sndinfo, sizeof(struct sctp_sndinfo), SCTP_SENDV_SNDINFO, 0) < 0) {
data/libusrsctp-0.9.3.0+20201102/programs/http_client_upcall.c:130:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bytesSent = usrsctp_sendv(sock, request, strlen(request), NULL, 0, NULL, 0, SCTP_SENDV_NOINFO, 0);
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1458:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, "?", strlen("?")) == 0 ||
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1459:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(line, "help", strlen("help")) == 0) {
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1467:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(line, "status", strlen("status")) == 0) {
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1471:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(line, "quit", strlen("quit")) == 0) {
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1507:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (send_user_message(&peer_connection, &peer_connection.channels[id], msg, strlen(msg))) {
data/libusrsctp-0.9.3.0+20201102/programs/rtcweb.c:1509:82: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (send_user_message(&peer_connection, &peer_connection.channels[id], msg, strlen(msg) - 1)) {
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctp_output.c:6318:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
min(strlen(SCTP_VERSION_STRING), sizeof(stc.identification)));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/netinet/sctputil.c:5430:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info_len = strlen(info);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_environment.c:163:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, (char *)buf + position, size - position);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3203:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((dump_buf = malloc(PREAMBLE_LENGTH + strlen(HEADER) + 3 * len + strlen(TRAILER) + 1)) == NULL) {
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3203:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((dump_buf = malloc(PREAMBLE_LENGTH + strlen(HEADER) + 3 * len + strlen(TRAILER) + 1)) == NULL) {
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3238:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy_s(dump_buf + pos, strlen(HEADER) + 1, HEADER, strlen(HEADER));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3238:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy_s(dump_buf + pos, strlen(HEADER) + 1, HEADER, strlen(HEADER));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3242:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(HEADER);
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3255:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy_s(dump_buf + pos, strlen(TRAILER) + 1, TRAILER, strlen(TRAILER));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3255:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy_s(dump_buf + pos, strlen(TRAILER) + 1, TRAILER, strlen(TRAILER));
data/libusrsctp-0.9.3.0+20201102/usrsctplib/user_socket.c:3259:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(TRAILER);
ANALYSIS SUMMARY:
Hits = 472
Lines analyzed = 103605 in approximately 2.63 seconds (39364 lines/second)
Physical Source Lines of Code (SLOC) = 82225
Hits@level = [0] 406 [1] 30 [2] 374 [3] 59 [4] 9 [5] 0
Hits@level+ = [0+] 878 [1+] 472 [2+] 442 [3+] 68 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 10.678 [1+] 5.74035 [2+] 5.37549 [3+] 0.826999 [4+] 0.109456 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.