Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/wlanctl.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/wlanctl.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/help.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/mkmeta/mkmetadef.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/mkmeta/mkmetastruct.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/nwepgen/nwepgen.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211conv.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211types.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211hdr.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211netdev.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211metamib.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211ioctl.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211meta.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211metamsg.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/wlan_compat.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211req.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211msg.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211mgmt.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/include/prism2/prism2mgmt.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/include/prism2/hfa384x.h
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2_cs.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2_pci.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2_plx.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2_usb.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211metamsg.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211meta.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211metamib.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wep.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211req.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211mod.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c
Examining data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c
Examining data/linux-wlan-ng-0.2.9+dfsg/scripts/get_version.c
Examining data/linux-wlan-ng-0.2.9+dfsg/add-ons/lwepgen/lwepgen.c
Examining data/linux-wlan-ng-0.2.9+dfsg/add-ons/keygen/keygen.c
Examining data/linux-wlan-ng-0.2.9+dfsg/doc/codingstd/format.srcfile.c
Examining data/linux-wlan-ng-0.2.9+dfsg/debian/srec2fw.c
FINAL RESULTS:
data/linux-wlan-ng-0.2.9+dfsg/src/nwepgen/nwepgen.c:95:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((j < keylen-1) ? "%02x:" : "%02x\n", wep_key[i][j]);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1059:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wlandev->name, dev->name);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1188:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "p80211 version: %s (%s)\n\n",
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1190:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "name : %s\n", wlandev->name);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1191:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "nsd name : %s\n", wlandev->nsdname);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1195:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "nsd caps : %s%s%s%s%s%s%s%s%s%s\n",
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1212:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "Enabled : %s%s\n",
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1460:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ifname, "INTERFACE=%s", wlandev->name);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1461:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nsdname, "NSDNAME=%s", wlandev->nsdname);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1467:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(wlan_wext, "WLAN_WEXT=%s", wlan_wext_write ? "y" : "");
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1468:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(action_str, "ACTION=%s", action);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:376:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( appname, APPNAME );
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:456:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": too many RAM files on cmd line. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:465:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": too many FLASH files on cmd line. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:474:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": too many ADDPDR files on cmd line. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:483:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": -p specified more than once. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:495:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": -m specified more than once. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:499:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": mac address format error. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:507:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": -S specified more than once. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:514:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": unrecognized option -%c.\n", optch);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:523:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": -n and -d are mutually exclusive. Exiting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:532:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME": missing argument - devname\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:571:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(getmsg.devname, devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:681:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME ": error, you must specifify a pda location\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:696:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:710:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME ": Can't flash a RAM download image!\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:715:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME ": Incompatible firmware image.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:726:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:734:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:745:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:763:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:777:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME ": Incompatible firmware image.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:782:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME ": Can't RAM download a Flash image!\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:793:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:801:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:817:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:830:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(APPNAME": finished.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:885:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:937:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( req.name, msg->devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1068:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME": failed to allocate image space, exitting.\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1095:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1208:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1244:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(statemsg.devname, devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1255:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(writemsg.devname, devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1277:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1283:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1302:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1308:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1322:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1328:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1387:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1409:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1424:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1549:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg.devname, dev);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1599:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME": invalid pdr length (0x%04x) encountered (pdrcode=0x%04x), exiting.\n", pdrlen, pdrcode);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1633:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf( stderr, APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1713:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, APPNAME": failed to compile pda regexp err=%s.\n", ebuf);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1828:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME":%s:%d warning: No initial \'S\'\n", fname, line);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1844:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME":%s:%d warning: Unknown S-record detected.\n", fname, line);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2151:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fstatemsg.devname, devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2162:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fwritemsg.devname, devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2179:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rstatemsg.devname, devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2193:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rwritemsg.devname, devname);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2221:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2229:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2290:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2298:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2324:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2332:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,APPNAME
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x.c:3753:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg->devname, wlandev->name);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:4402:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg->devname, wlandev->name);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2_cs.c:578:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hw->node.dev_name, wlandev->name);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2_cs.c:1110:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hw->node.dev_name, wlandev->name);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:2390:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
p += sprintf(p, "# %s version %s (%s) '%s'\n\n",
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:77:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( ifname, "%s", argv[1] );
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:78:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( ofname1, "%s.txt", argv[2] );
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:80:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( ifname, "%s", argv[1] );
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:81:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( ofname1, "%s.html", argv[2] );
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:82:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( ofname2, "%s.txt", argv[2] );
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:203:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text, P80211ENUM_BADSTR);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:207:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( text, ep->list[i].name );
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:252:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\'", meta->name);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:256:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\'%s\'", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:263:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\'%s\'", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:271:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", did,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:451:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=", meta->name);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:461:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=%s", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:468:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\"%s\"", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:476:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", did,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:668:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=%u", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:671:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=%s", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:678:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\"%s\"", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:686:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", did,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:851:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=%s",
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:864:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\"%s\"",
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:868:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=%s", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:875:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\"%s\"", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:883:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", did,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1060:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1064:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1071:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=%s=%s",
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1081:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", mibdid,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1088:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\"%s\"", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1096:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", did,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1155:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1159:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1166:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=%s=%s",
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1176:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", mibdid,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1183:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "%s=\"%s\"", meta->name,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1191:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( textbuf, "0x%08x=\"%s\"", did,
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1559:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "0x%08x=\"%s\"", did, error_msg);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1565:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "%s=\"%s\"", meta->name, error_msg);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1570:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "%s=%s", meta->name, NOT_SUPPORTED);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1574:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf = textbuf + sprintf(textbuf, "%s=", meta->name);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1577:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
buf += sprintf(buf, (i == 0) ? "%u" : ",%u", data[i]);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1772:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "0x%08x=\"%s\"", did, error_msg);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1778:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "%s=\"%s\"", meta->name, error_msg);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1783:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "%s=%s", meta->name, NOT_SUPPORTED);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1789:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
buf = textbuf + sprintf(textbuf, "%s=", meta->name);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1970:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "0x%08x=\"%s\"", did, error_msg);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1976:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "%s=\"%s\"", meta->name, error_msg);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1981:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(textbuf, "%s=%s", meta->name, NOT_SUPPORTED);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1987:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
cnt = sprintf(textbuf, "%s=", meta->name);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1990:10: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cnt += sprintf(textbuf+cnt, (i==0) ?
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:643:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((mib->did & P80211DID_ACCESS_READ) ?
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:645:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((mib->did & P80211DID_ACCESS_WRITE) ?
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:978:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmpstr+1, value);
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:1099:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, eq+1);
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/wlanctl.c:212:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( req.name, devname);
data/linux-wlan-ng-0.2.9+dfsg/add-ons/keygen/keygen.c:148:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, "s")) != EOF) {
data/linux-wlan-ng-0.2.9+dfsg/add-ons/lwepgen/lwepgen.c:138:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while((ch = getopt(argc, argv, "s")) != EOF) {
data/linux-wlan-ng-0.2.9+dfsg/debian/srec2fw.c:80:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "ws")) != -1) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:419:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ( ((optch = getopt(argc, argv, opts)) != EOF) && (result == 0) ) {
data/linux-wlan-ng-0.2.9+dfsg/add-ons/keygen/keygen.c:71:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keys, buf, WEPSTRONGKEYSTORE);
data/linux-wlan-ng-0.2.9+dfsg/add-ons/lwepgen/lwepgen.c:70:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keys, buf, WEPKEYSTORE);
data/linux-wlan-ng-0.2.9+dfsg/debian/srec2fw.c:96:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infd = open(argv[optind], O_RDONLY);
data/linux-wlan-ng-0.2.9+dfsg/debian/srec2fw.c:115:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfd = open(argv[optind+1], O_TRUNC|O_CREAT|O_WRONLY, 0644);
data/linux-wlan-ng-0.2.9+dfsg/debian/srec2fw.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(record_new->data, &(record->addr), 4);
data/linux-wlan-ng-0.2.9+dfsg/debian/srec2fw.c:238:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zeroes[6] = {0, 0, 0, 0, 0, 0};
data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211ioctl.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[WLAN_DEVNAMELEN_MAX];
data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211netdev.h:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[WLAN_DEVNAMELEN_MAX]; /* Dev name, from register_wlandev()*/
data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211netdev.h:201:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct wlandevice *wlandev);
data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/p80211netdev.h:255:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spy_address[IW_MAX_SPY][ETH_ALEN];
data/linux-wlan-ng-0.2.9+dfsg/src/mkmeta/mkmetastruct.c:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[82];
data/linux-wlan-ng-0.2.9+dfsg/src/mkmeta/mkmetastruct.c:70:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "p80211msg");
data/linux-wlan-ng-0.2.9+dfsg/src/nwepgen/nwepgen.c:65:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void nwepgen(char *genstr, int keylen, UINT8 wep_key[WLAN_WEP_NKEYS][WLAN_WEP_MAXKEYLEN]);
data/linux-wlan-ng-0.2.9+dfsg/src/nwepgen/nwepgen.c:81:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
keylen = (argc < 3) ? 5 : atoi(argv[2]);
data/linux-wlan-ng-0.2.9+dfsg/src/nwepgen/nwepgen.c:131:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
nwepgen(char *genstr, int keylen, UINT8 wep_key[WLAN_WEP_NKEYS][WLAN_WEP_MAXKEYLEN])
data/linux-wlan-ng-0.2.9+dfsg/src/nwepgen/nwepgen.c:134:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pseed[4]={0,0,0,0};
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( e_snap->oui, oui_8021h, WLAN_IEEE_OUI_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:187:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( e_snap->oui, oui_rfc1042, WLAN_IEEE_OUI_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:206:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a3, wlandev->bssid, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a1, wlandev->bssid, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a2, wlandev->netdev->dev_addr, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a3, &e_hdr.daddr, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:218:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a1, &e_hdr.daddr, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:219:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a2, wlandev->bssid, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p80211_hdr->a3.a3, &e_hdr.saddr, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:272:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wlandev->spy_address[i], mac, ETH_ALEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:329:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daddr, w_hdr->a3.a1, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:330:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:332:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daddr, w_hdr->a3.a3, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:333:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saddr, w_hdr->a3.a2, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:341:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(daddr, w_hdr->a4.a3, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:342:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saddr, w_hdr->a4.a4, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:425:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:464:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:491:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e_hdr->daddr, daddr, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211conv.c:492:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e_hdr->saddr, saddr, WLAN_ETHADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:284:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( wlandev->open != NULL) {
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:285:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = wlandev->open(wlandev);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:533:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p80211_hdr, skb->data, sizeof(p80211_hdr_t));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:817:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dot11req.devname,
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:830:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&macaddr->data.data, new_addr->sa_data, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:850:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dev->dev_addr, new_addr->sa_data, dev->addr_len);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1192:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "address : %02x:%02x:%02x:%02x:%02x:%02x\n",
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1208:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "bssid : %02x:%02x:%02x:%02x:%02x:%02x\n",
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1215:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "msdstate=%d\n", wlandev->msdstate);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1455:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[3], *envp[7], ifname[12 + IFNAMSIZ], action_str[32];
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nsdname[32], wlan_wext[32];
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1463:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ifname, "INTERFACE=null");
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211netdev.c:1464:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nsdname, "NSDNAME=null");
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wep.c:168:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wlandev->wep_keys[keynum], key, keylen);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wep.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key+3, wlandev->wep_keys[keyidx], keylen);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wep.c:274:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key+3, wlandev->wep_keys[keynum], keylen);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[IW_ESSID_MAX_SIZE];
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:207:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg.ssid.data.data, ssid, data.length);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:295:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "IEEE 802.11-DS");
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:299:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "IEEE 802.11-b");
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:327:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:480:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:581:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap_addr->sa_data, wlandev->bssid, WLAN_BSSID_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:624:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, wlandev->wep_keys[i], erq->length);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:692:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wlandev->wep_keys[i], key, erq->length);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:695:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr.data.data, key, erq->length);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:722:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &pstr, sizeof(pstr));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:782:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(essid, wlandev->ssid.data, data->length);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:838:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg.ssid.data.data, essid, length);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:903:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:962:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1011:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1043:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1092:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1138:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1234:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1246:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1259:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1315:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1348:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg.mibattribute.data, &mibitem, sizeof(mibitem));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address, extra, sizeof(struct sockaddr)*number);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1392:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wlandev->spy_address[i], address[i].sa_data, ETH_ALEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1426:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(address[i].sa_data, wlandev->spy_address[i], ETH_ALEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1428:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&spy_stat[i], &wlandev->spy_stat[i], sizeof(struct iw_quality));
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1438:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extra, address, sizeof(struct sockaddr)*number);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1439:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extra+sizeof(struct sockaddr)*number, spy_stat, sizeof(struct iw_quality)*number);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1528:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iwe.u.ap_addr.sa_data, bss->bssid.data.data, WLAN_BSSID_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1537:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char essid[IW_ESSID_MAX_SIZE + 1];
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1542:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&essid, bss->ssid.data.data, size);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1703:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wlandev->wep_keys[idx], ext->key, ext->key_len);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1707:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data.data, ext->key,ext->key_len);
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:1786:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( ext->key, wlandev->wep_keys[idx] , ext->key_len );
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:2058:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssid[IW_ESSID_MAX_SIZE+1];
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:2079:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keybuf[MAX_KEYLEN];
data/linux-wlan-ng-0.2.9+dfsg/src/p80211/p80211wext.c:2151:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.ap_addr.sa_data, wlandev->bssid, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:208:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char appname[APPNAME_MAX + 1];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:210:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[16];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:225:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rfname[RAMFILES_MAX][FILENAME_MAX+1]; /* -r filenames */
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:228:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ffname[FLASHFILES_MAX][FILENAME_MAX+1]; /* -f filenames */
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:232:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addpdrfname[ADDPDRFILES_MAX][FILENAME_MAX+1]; /* -a filenames */
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:235:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newpdafname[FILENAME_MAX+1]; /* -p filename */
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:241:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sernum[SERNUM_LEN_MAX+1]; /* -S serial # string */
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( clist[j].data + coffset, s3data[i].data, s3data[i].len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1294:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(writemsg.data.data, pda->buf, writemsg.len.data);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1447:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( dest, &(pda->rec[j]->data), s3plug[i].len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1561:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pda->buf, msg.pda.data, HFA384x_PDA_LEN_MAX);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1629:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pda->rec[j],
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1645:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( endp, &(pdword[i]), (pdrlen + 1)*sizeof(UINT16));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[PDAFILE_LINE_MAX];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1697:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ebuf[100];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1700:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pdrfile = fopen(pdrfname, "r");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1805:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SREC_LINE_MAX];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[30];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1817:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname, "r");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1850:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3LEN_TXTOFFSET, S3LEN_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1854:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3ADDR_TXTOFFSET, S3ADDR_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1863:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3PLUG_ITEMCODE_TXTOFFSET, S3PLUG_ITEMCODE_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1868:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3PLUG_ADDR_TXTOFFSET, S3PLUG_ADDR_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1873:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3PLUG_LEN_TXTOFFSET, S3PLUG_LEN_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1890:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3CRC_ADDR_TXTOFFSET, S3CRC_ADDR_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1895:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3CRC_LEN_TXTOFFSET, S3CRC_LEN_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1900:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3CRC_DOWRITE_TXTOFFSET, S3CRC_DOWRITE_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1916:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3INFO_LEN_TXTOFFSET, S3INFO_LEN_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1921:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3INFO_TYPE_TXTOFFSET, S3INFO_TYPE_TXTLEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1928:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpbuf, buf+S3INFO_DATA_TXTOFFSET+(i*4), 4);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1958:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpbuf, buf+S3DATA_TXTOFFSET+(i*2), 2);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2241:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[80];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2247:1: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "d%06lx.dat", fchunk[i].addr);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2248:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen( fname, "w");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2261:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fwritemsg.data.data,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:2270:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rwritemsg.data.data,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x.c:3126:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(txdesc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x.c:3618:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datap, &rxdesc.frame_control, WLAN_HDR_A3_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x.c:3623:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datap, &rxdesc.address4, WLAN_HDR_A3_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x.c:3828:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( datap, &(rxdesc->frame_control), hdrlen);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:912:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(complete->riddata,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:964:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(complete->data, complete->rmemresp->data, complete->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:2037:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctlx->outbuf.wridreq.data, riddata, riddatalen);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:2237:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctlx->outbuf.wmemreq.data, data, len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:3479:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:3495:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:3497:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, p80211_wep->data, skb->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:3499:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, skb->data, skb->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:3506:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:4478:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( datap, &(rxdesc->frame_control), hdrlen);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/hfa384x_usb.c:4484:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datap, rxfrm->data, datalen);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2_cs.c:1163:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (link->open) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:308:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scanreq.ssid.data, msg->ssid.data.data, msg->ssid.data.len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:517:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->bssid.data.data, item->bssid, WLAN_BSSID_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:522:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->ssid.data.data, item->ssid.data, req->ssid.data.len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:825:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( joinreq.bssid, ((unsigned char *) &msg->bssid.data) + 1, WLAN_BSSID_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:1211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wlandev->ssid, &msg->ssid.data, sizeof(msg->ssid.data));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:1536:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( wlandev->bssid, wlandev->netdev->dev_addr, WLAN_BSSID_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:1610:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( wlandev->bssid, wlandev->netdev->dev_addr, WLAN_BSSID_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mgmt.c:2639:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wlandev->ssid, &msg->ssid.data, sizeof(msg->ssid.data));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2005:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, &wordbuf[1], pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytebuf, hw->dot11_grp_addr[0], len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2506:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, fwid.primary, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2510:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, fwid.secondary, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2724:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &wlandev->rx, sizeof(wlandev->rx));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2725:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test, &wlandev->rx, sizeof(wlandev->rx));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2759:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2762:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(test,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2783:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macarray->data[macarray->cnt], old.addr[i], WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2800:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macarray->data[macarray->cnt], old.addr[i], WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2819:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, hw->comment, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2825:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->comment, pstr->data, cnt);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2844:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macarray->data, hw->allow.addr,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2856:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macarray->data, hw->deny.addr,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2903:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, wpa.data, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2906:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wpa.data, pstr->data, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2963:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list, &hw->authlist, sizeof(prism2sta_authlist_t));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2964:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&test, &hw->authlist, sizeof(prism2sta_authlist_t));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->allow.addr, macarray->data, macarray->cnt*WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3113:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->allow.addr1, macarray->data, macarray->cnt*WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->deny.addr, macarray->data, macarray->cnt*WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3199:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->deny.addr1, macarray->data, macarray->cnt*WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytestr->data, pstr->data, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3304:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bytearea, pstr->data, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3329:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, bytestr->data, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3354:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, bytearea, len);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3594:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pstr->data, hw->dot11_grp_addr[index],
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:3641:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->dot11_grp_addr[hw->dot11_grpcnt], pstr->data,
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:846:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstr[(HFA384x_RID_NICSERIALNUMBER_LEN * 4) + 1];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:1331:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( joinreq.bssid, sr->result[0].bssid, WLAN_BSSID_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:1377:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->scanresults, inf, sizeof(hfa384x_InfFrame_t));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:1416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&inf->info.chinforesult, &hw->channel_info.results, sizeof(hfa384x_ChInfoResult_t));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:1824:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(skb->data, inf, sizeof(*inf));
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:1848:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec.address, inf->info.authreq.sta_addr, WLAN_ADDR_LEN);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:1960:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hw->authlist.addr[hw->authlist.cnt],
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:2394:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "# nic h/w: id=0x%02x %d.%d.%d\n",
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:2398:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "# pri f/w: id=0x%02x %d.%d.%d\n",
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:2403:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "# sta f/w: id=0x%02x %d.%d.%d\n",
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:2407:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "# ap f/w: id=0x%02x %d.%d.%d\n",
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:2413:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "# initial nic hw type, needed for SSF ramdl\n");
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2sta.c:2414:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
p += sprintf(p, "initnichw=%04x\n", hwtype);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[BUFF_LEN + 2];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[BUFF_LEN + 2];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname1[BUFF_LEN + 2];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:80:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (data_fptr = fopen(ifname, "r")) == NULL ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:85:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (txt_fptr = fopen(ofname1, "w")) == NULL ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[BUFF_LEN + 2];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[BUFF_LEN + 2];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname1[BUFF_LEN + 2];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ofname2[BUFF_LEN + 2];
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:84:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (data_fptr = fopen(ifname, "r")) == NULL ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:89:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (html_fptr = fopen(ofname1, "w")) == NULL ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:95:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (txt_fptr = fopen(ofname2, "w")) == NULL ) {
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:260:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:454:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( &textbuf[strlen(textbuf)],
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:465:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:675:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:682:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:859:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:872:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:879:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1040:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1076:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1085:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1092:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1187:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1550:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf, error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buf, error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1796:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
buf += sprintf(buf, "%u,", (UINT32) i);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:1962:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_msg[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:283:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100], value[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:405:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pair[500], *ch;
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:955:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[MSG_BUFF_LEN];
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/help.c:278:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char access_type[8];
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/help.c:282:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(access_type,"-w" );
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/help.c:285:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(access_type,"r-" );
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/help.c:288:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(access_type,"rw" );
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/help.c:291:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(access_type,"--" );
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/wlanctl.c:409:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msgptr, tmpitem, itemlen);
data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/wlan_compat.h:751:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define wlan_mkprintstr(buf, buflen, str, strlen) \
data/linux-wlan-ng-0.2.9+dfsg/src/include/wlan/wlan_compat.h:755:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(str, 0, (strlen)); \
data/linux-wlan-ng-0.2.9+dfsg/src/nwepgen/nwepgen.c:138:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(genstr);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:459:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(rfname[opt_ramloadcnt], optarg, FILENAME_MAX);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:468:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ffname[opt_flashloadcnt], optarg, FILENAME_MAX);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:477:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addpdrfname[opt_addpdrcnt], optarg, FILENAME_MAX);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:487:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(newpdafname, optarg, FILENAME_MAX);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:510:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( sernum, optarg, SERNUM_LEN_MAX);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:537:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( devname, argv[optind], sizeof(devname) );
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1445:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, s3plug[i].len - 1);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/download/prism2dl.c:1858:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmprec.checksum = strtoul( buf+strlen(buf)-2, NULL, 16);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2505:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstr->len = strlen(fwid.primary);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2509:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstr->len = strlen(fwid.secondary);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/driver/prism2mib.c:2818:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstr->len = strlen(hw->comment);
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:115:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( buff[strlen(buff) - 1] == '\n' ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkmiblist.c:116:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff[strlen(buff) - 1] = '\0';
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:196:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( cptr) != 0 ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:206:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( cptr) != 0 ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:216:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( cptr) != 0 ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:226:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( cptr) != 0 ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:236:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( cptr) != 0 ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:246:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( cptr) != 0 ) {
data/linux-wlan-ng-0.2.9+dfsg/src/prism2/ridlist/mkridlist.c:269:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( cptr) != 0 ) {
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:253:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat( textbuf, pstr->data, pstr->len);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:254:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat( textbuf, "\'", 1);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:332:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(textbuf);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:341:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( pstr->data, textbuf, len);
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:454:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf( &textbuf[strlen(textbuf)],
data/linux-wlan-ng-0.2.9+dfsg/src/shared/p80211types.c:459:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
textbuf[strlen(textbuf) - 1] = '\0';
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:309:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(req.name, device, sizeof(req.name));
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:334:15: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
cnt = scanf("%99s", name); /* sizeof(name)-1 = 99 */
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:429:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(req.name, device, sizeof(req.name));
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:524:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(req.name, device, sizeof(req.name));
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:550:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pair) >= sizeof(pair)-1)
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:606:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(mib->name);
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:964:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(msg->devname, device, WLAN_DEVNAMELEN_MAX - 1);
data/linux-wlan-ng-0.2.9+dfsg/src/wlancfg/wlancfg.c:1100:41: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strchr(value, '=') == NULL) strcat(value, "=");
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/wlanctl.c:309:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(((p80211msg_t *)msg)->devname, devname,
data/linux-wlan-ng-0.2.9+dfsg/src/wlanctl/wlanctl.c:395:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(alist[i].name)) == 0 ) {
ANALYSIS SUMMARY:
Hits = 418
Lines analyzed = 52091 in approximately 1.38 seconds (37879 lines/second)
Physical Source Lines of Code (SLOC) = 33446
Hits@level = [0] 370 [1] 39 [2] 246 [3] 4 [4] 129 [5] 0
Hits@level+ = [0+] 788 [1+] 418 [2+] 379 [3+] 133 [4+] 129 [5+] 0
Hits/KSLOC@level+ = [0+] 23.5604 [1+] 12.4978 [2+] 11.3317 [3+] 3.97656 [4+] 3.85696 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.