Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mbedtls-2.16.5/configs/config-ccm-psk-tls1_2.h
Examining data/mbedtls-2.16.5/configs/config-mini-tls1_1.h
Examining data/mbedtls-2.16.5/configs/config-no-entropy.h
Examining data/mbedtls-2.16.5/configs/config-suite-b.h
Examining data/mbedtls-2.16.5/configs/config-thread.h
Examining data/mbedtls-2.16.5/doxygen/input/doc_encdec.h
Examining data/mbedtls-2.16.5/doxygen/input/doc_hashing.h
Examining data/mbedtls-2.16.5/doxygen/input/doc_mainpage.h
Examining data/mbedtls-2.16.5/doxygen/input/doc_rng.h
Examining data/mbedtls-2.16.5/doxygen/input/doc_ssltls.h
Examining data/mbedtls-2.16.5/doxygen/input/doc_tcpip.h
Examining data/mbedtls-2.16.5/doxygen/input/doc_x509.h
Examining data/mbedtls-2.16.5/include/mbedtls/aes.h
Examining data/mbedtls-2.16.5/include/mbedtls/aesni.h
Examining data/mbedtls-2.16.5/include/mbedtls/arc4.h
Examining data/mbedtls-2.16.5/include/mbedtls/aria.h
Examining data/mbedtls-2.16.5/include/mbedtls/asn1.h
Examining data/mbedtls-2.16.5/include/mbedtls/asn1write.h
Examining data/mbedtls-2.16.5/include/mbedtls/base64.h
Examining data/mbedtls-2.16.5/include/mbedtls/bignum.h
Examining data/mbedtls-2.16.5/include/mbedtls/blowfish.h
Examining data/mbedtls-2.16.5/include/mbedtls/bn_mul.h
Examining data/mbedtls-2.16.5/include/mbedtls/camellia.h
Examining data/mbedtls-2.16.5/include/mbedtls/ccm.h
Examining data/mbedtls-2.16.5/include/mbedtls/certs.h
Examining data/mbedtls-2.16.5/include/mbedtls/chacha20.h
Examining data/mbedtls-2.16.5/include/mbedtls/chachapoly.h
Examining data/mbedtls-2.16.5/include/mbedtls/check_config.h
Examining data/mbedtls-2.16.5/include/mbedtls/cipher.h
Examining data/mbedtls-2.16.5/include/mbedtls/cipher_internal.h
Examining data/mbedtls-2.16.5/include/mbedtls/cmac.h
Examining data/mbedtls-2.16.5/include/mbedtls/compat-1.3.h
Examining data/mbedtls-2.16.5/include/mbedtls/config.h
Examining data/mbedtls-2.16.5/include/mbedtls/ctr_drbg.h
Examining data/mbedtls-2.16.5/include/mbedtls/debug.h
Examining data/mbedtls-2.16.5/include/mbedtls/des.h
Examining data/mbedtls-2.16.5/include/mbedtls/dhm.h
Examining data/mbedtls-2.16.5/include/mbedtls/ecdh.h
Examining data/mbedtls-2.16.5/include/mbedtls/ecdsa.h
Examining data/mbedtls-2.16.5/include/mbedtls/ecjpake.h
Examining data/mbedtls-2.16.5/include/mbedtls/ecp.h
Examining data/mbedtls-2.16.5/include/mbedtls/ecp_internal.h
Examining data/mbedtls-2.16.5/include/mbedtls/entropy.h
Examining data/mbedtls-2.16.5/include/mbedtls/entropy_poll.h
Examining data/mbedtls-2.16.5/include/mbedtls/error.h
Examining data/mbedtls-2.16.5/include/mbedtls/gcm.h
Examining data/mbedtls-2.16.5/include/mbedtls/havege.h
Examining data/mbedtls-2.16.5/include/mbedtls/hkdf.h
Examining data/mbedtls-2.16.5/include/mbedtls/hmac_drbg.h
Examining data/mbedtls-2.16.5/include/mbedtls/md.h
Examining data/mbedtls-2.16.5/include/mbedtls/md2.h
Examining data/mbedtls-2.16.5/include/mbedtls/md4.h
Examining data/mbedtls-2.16.5/include/mbedtls/md5.h
Examining data/mbedtls-2.16.5/include/mbedtls/md_internal.h
Examining data/mbedtls-2.16.5/include/mbedtls/memory_buffer_alloc.h
Examining data/mbedtls-2.16.5/include/mbedtls/net.h
Examining data/mbedtls-2.16.5/include/mbedtls/net_sockets.h
Examining data/mbedtls-2.16.5/include/mbedtls/nist_kw.h
Examining data/mbedtls-2.16.5/include/mbedtls/oid.h
Examining data/mbedtls-2.16.5/include/mbedtls/padlock.h
Examining data/mbedtls-2.16.5/include/mbedtls/pem.h
Examining data/mbedtls-2.16.5/include/mbedtls/pk.h
Examining data/mbedtls-2.16.5/include/mbedtls/pk_internal.h
Examining data/mbedtls-2.16.5/include/mbedtls/pkcs11.h
Examining data/mbedtls-2.16.5/include/mbedtls/pkcs12.h
Examining data/mbedtls-2.16.5/include/mbedtls/pkcs5.h
Examining data/mbedtls-2.16.5/include/mbedtls/platform.h
Examining data/mbedtls-2.16.5/include/mbedtls/platform_time.h
Examining data/mbedtls-2.16.5/include/mbedtls/platform_util.h
Examining data/mbedtls-2.16.5/include/mbedtls/poly1305.h
Examining data/mbedtls-2.16.5/include/mbedtls/ripemd160.h
Examining data/mbedtls-2.16.5/include/mbedtls/rsa.h
Examining data/mbedtls-2.16.5/include/mbedtls/rsa_internal.h
Examining data/mbedtls-2.16.5/include/mbedtls/sha1.h
Examining data/mbedtls-2.16.5/include/mbedtls/sha256.h
Examining data/mbedtls-2.16.5/include/mbedtls/sha512.h
Examining data/mbedtls-2.16.5/include/mbedtls/ssl.h
Examining data/mbedtls-2.16.5/include/mbedtls/ssl_cache.h
Examining data/mbedtls-2.16.5/include/mbedtls/ssl_ciphersuites.h
Examining data/mbedtls-2.16.5/include/mbedtls/ssl_cookie.h
Examining data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h
Examining data/mbedtls-2.16.5/include/mbedtls/ssl_ticket.h
Examining data/mbedtls-2.16.5/include/mbedtls/threading.h
Examining data/mbedtls-2.16.5/include/mbedtls/timing.h
Examining data/mbedtls-2.16.5/include/mbedtls/version.h
Examining data/mbedtls-2.16.5/include/mbedtls/x509.h
Examining data/mbedtls-2.16.5/include/mbedtls/x509_crl.h
Examining data/mbedtls-2.16.5/include/mbedtls/x509_crt.h
Examining data/mbedtls-2.16.5/include/mbedtls/x509_csr.h
Examining data/mbedtls-2.16.5/include/mbedtls/xtea.h
Examining data/mbedtls-2.16.5/library/aes.c
Examining data/mbedtls-2.16.5/library/aesni.c
Examining data/mbedtls-2.16.5/library/arc4.c
Examining data/mbedtls-2.16.5/library/aria.c
Examining data/mbedtls-2.16.5/library/asn1parse.c
Examining data/mbedtls-2.16.5/library/asn1write.c
Examining data/mbedtls-2.16.5/library/base64.c
Examining data/mbedtls-2.16.5/library/bignum.c
Examining data/mbedtls-2.16.5/library/blowfish.c
Examining data/mbedtls-2.16.5/library/camellia.c
Examining data/mbedtls-2.16.5/library/ccm.c
Examining data/mbedtls-2.16.5/library/certs.c
Examining data/mbedtls-2.16.5/library/chacha20.c
Examining data/mbedtls-2.16.5/library/chachapoly.c
Examining data/mbedtls-2.16.5/library/cipher.c
Examining data/mbedtls-2.16.5/library/cipher_wrap.c
Examining data/mbedtls-2.16.5/library/cmac.c
Examining data/mbedtls-2.16.5/library/ctr_drbg.c
Examining data/mbedtls-2.16.5/library/debug.c
Examining data/mbedtls-2.16.5/library/des.c
Examining data/mbedtls-2.16.5/library/dhm.c
Examining data/mbedtls-2.16.5/library/ecdh.c
Examining data/mbedtls-2.16.5/library/ecdsa.c
Examining data/mbedtls-2.16.5/library/ecjpake.c
Examining data/mbedtls-2.16.5/library/ecp.c
Examining data/mbedtls-2.16.5/library/ecp_curves.c
Examining data/mbedtls-2.16.5/library/entropy.c
Examining data/mbedtls-2.16.5/library/entropy_poll.c
Examining data/mbedtls-2.16.5/library/error.c
Examining data/mbedtls-2.16.5/library/gcm.c
Examining data/mbedtls-2.16.5/library/havege.c
Examining data/mbedtls-2.16.5/library/hkdf.c
Examining data/mbedtls-2.16.5/library/hmac_drbg.c
Examining data/mbedtls-2.16.5/library/md.c
Examining data/mbedtls-2.16.5/library/md2.c
Examining data/mbedtls-2.16.5/library/md4.c
Examining data/mbedtls-2.16.5/library/md5.c
Examining data/mbedtls-2.16.5/library/md_wrap.c
Examining data/mbedtls-2.16.5/library/memory_buffer_alloc.c
Examining data/mbedtls-2.16.5/library/net_sockets.c
Examining data/mbedtls-2.16.5/library/nist_kw.c
Examining data/mbedtls-2.16.5/library/oid.c
Examining data/mbedtls-2.16.5/library/padlock.c
Examining data/mbedtls-2.16.5/library/pem.c
Examining data/mbedtls-2.16.5/library/pk.c
Examining data/mbedtls-2.16.5/library/pk_wrap.c
Examining data/mbedtls-2.16.5/library/pkcs11.c
Examining data/mbedtls-2.16.5/library/pkcs12.c
Examining data/mbedtls-2.16.5/library/pkcs5.c
Examining data/mbedtls-2.16.5/library/pkparse.c
Examining data/mbedtls-2.16.5/library/pkwrite.c
Examining data/mbedtls-2.16.5/library/platform.c
Examining data/mbedtls-2.16.5/library/platform_util.c
Examining data/mbedtls-2.16.5/library/poly1305.c
Examining data/mbedtls-2.16.5/library/ripemd160.c
Examining data/mbedtls-2.16.5/library/rsa.c
Examining data/mbedtls-2.16.5/library/rsa_internal.c
Examining data/mbedtls-2.16.5/library/sha1.c
Examining data/mbedtls-2.16.5/library/sha256.c
Examining data/mbedtls-2.16.5/library/sha512.c
Examining data/mbedtls-2.16.5/library/ssl_cache.c
Examining data/mbedtls-2.16.5/library/ssl_ciphersuites.c
Examining data/mbedtls-2.16.5/library/ssl_cli.c
Examining data/mbedtls-2.16.5/library/ssl_cookie.c
Examining data/mbedtls-2.16.5/library/ssl_srv.c
Examining data/mbedtls-2.16.5/library/ssl_ticket.c
Examining data/mbedtls-2.16.5/library/ssl_tls.c
Examining data/mbedtls-2.16.5/library/threading.c
Examining data/mbedtls-2.16.5/library/timing.c
Examining data/mbedtls-2.16.5/library/version.c
Examining data/mbedtls-2.16.5/library/version_features.c
Examining data/mbedtls-2.16.5/library/x509.c
Examining data/mbedtls-2.16.5/library/x509_create.c
Examining data/mbedtls-2.16.5/library/x509_crl.c
Examining data/mbedtls-2.16.5/library/x509_crt.c
Examining data/mbedtls-2.16.5/library/x509_csr.c
Examining data/mbedtls-2.16.5/library/x509write_crt.c
Examining data/mbedtls-2.16.5/library/x509write_csr.c
Examining data/mbedtls-2.16.5/library/xtea.c
Examining data/mbedtls-2.16.5/programs/aes/aescrypt2.c
Examining data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c
Examining data/mbedtls-2.16.5/programs/hash/generic_sum.c
Examining data/mbedtls-2.16.5/programs/hash/hello.c
Examining data/mbedtls-2.16.5/programs/pkey/dh_client.c
Examining data/mbedtls-2.16.5/programs/pkey/dh_genprime.c
Examining data/mbedtls-2.16.5/programs/pkey/dh_server.c
Examining data/mbedtls-2.16.5/programs/pkey/ecdh_curve25519.c
Examining data/mbedtls-2.16.5/programs/pkey/ecdsa.c
Examining data/mbedtls-2.16.5/programs/pkey/gen_key.c
Examining data/mbedtls-2.16.5/programs/pkey/key_app.c
Examining data/mbedtls-2.16.5/programs/pkey/key_app_writer.c
Examining data/mbedtls-2.16.5/programs/pkey/mpi_demo.c
Examining data/mbedtls-2.16.5/programs/pkey/pk_decrypt.c
Examining data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c
Examining data/mbedtls-2.16.5/programs/pkey/pk_sign.c
Examining data/mbedtls-2.16.5/programs/pkey/pk_verify.c
Examining data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c
Examining data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c
Examining data/mbedtls-2.16.5/programs/pkey/rsa_genkey.c
Examining data/mbedtls-2.16.5/programs/pkey/rsa_sign.c
Examining data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c
Examining data/mbedtls-2.16.5/programs/pkey/rsa_verify.c
Examining data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c
Examining data/mbedtls-2.16.5/programs/random/gen_entropy.c
Examining data/mbedtls-2.16.5/programs/random/gen_random_ctr_drbg.c
Examining data/mbedtls-2.16.5/programs/random/gen_random_havege.c
Examining data/mbedtls-2.16.5/programs/ssl/dtls_client.c
Examining data/mbedtls-2.16.5/programs/ssl/dtls_server.c
Examining data/mbedtls-2.16.5/programs/ssl/mini_client.c
Examining data/mbedtls-2.16.5/programs/ssl/query_config.c
Examining data/mbedtls-2.16.5/programs/ssl/ssl_client1.c
Examining data/mbedtls-2.16.5/programs/ssl/ssl_client2.c
Examining data/mbedtls-2.16.5/programs/ssl/ssl_fork_server.c
Examining data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c
Examining data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c
Examining data/mbedtls-2.16.5/programs/ssl/ssl_server.c
Examining data/mbedtls-2.16.5/programs/ssl/ssl_server2.c
Examining data/mbedtls-2.16.5/programs/test/benchmark.c
Examining data/mbedtls-2.16.5/programs/test/cpp_dummy_build.cpp
Examining data/mbedtls-2.16.5/programs/test/query_compile_time_config.c
Examining data/mbedtls-2.16.5/programs/test/selftest.c
Examining data/mbedtls-2.16.5/programs/test/udp_proxy.c
Examining data/mbedtls-2.16.5/programs/test/zeroize.c
Examining data/mbedtls-2.16.5/programs/util/pem2der.c
Examining data/mbedtls-2.16.5/programs/util/strerror.c
Examining data/mbedtls-2.16.5/programs/wince_main.c
Examining data/mbedtls-2.16.5/programs/x509/cert_app.c
Examining data/mbedtls-2.16.5/programs/x509/cert_req.c
Examining data/mbedtls-2.16.5/programs/x509/cert_write.c
Examining data/mbedtls-2.16.5/programs/x509/crl_app.c
Examining data/mbedtls-2.16.5/programs/x509/req_app.c
Examining data/mbedtls-2.16.5/tests/configs/config-wrapper-malloc-0-null.h

FINAL RESULTS:

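data/mbedtls-2.16.5/include/mbedtls/aes.h:107:25:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    mbedtls_aes_context crypt; /*!< The AES context to use for AES block
  Triage note: likely false positive. The matched token is a declaration of
  a field named `crypt` with type mbedtls_aes_context, not a call to the
  crypt() password-hashing function, so the CWE-327 text above does not
  describe this line. The `&ctx->crypt` hits in library/aes.c later in this
  report match the same field name. Flawfinder matches on names; its
  --falsepositive (-F) option drops names that are not followed by "(".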
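data/mbedtls-2.16.5/include/mbedtls/platform.h:69:41:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< The default \c snprintf function to use.  */
  Triage note: this line defines a macro alias; no format string is passed
  here, so the hit by itself shows no CWE-134 exposure. Whether a format
  string can be influenced depends on the call sites that expand the macro,
  and those are what need auditing for non-constant format arguments. The
  same reading applies to the other `#define ... printf`, `fprintf` and
  `snprintf` alias hits in this report.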
data/mbedtls-2.16.5/include/mbedtls/platform.h:73:39:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< The default \c printf function to use. */
data/mbedtls-2.16.5/include/mbedtls/platform.h:76:38:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
data/mbedtls-2.16.5/include/mbedtls/platform.h:170:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/mbedtls-2.16.5/include/mbedtls/platform.h:194:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/aes.c:53:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/aes.c:538:29:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    mbedtls_aes_init( &ctx->crypt );
data/mbedtls-2.16.5/library/aes.c:547:29:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    mbedtls_aes_free( &ctx->crypt );
data/mbedtls-2.16.5/library/aes.c:787:42:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    return mbedtls_aes_setkey_enc( &ctx->crypt, key1, key1bits );
data/mbedtls-2.16.5/library/aes.c:812:42:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    return mbedtls_aes_setkey_dec( &ctx->crypt, key1, key1bits );
data/mbedtls-2.16.5/library/aes.c:1248:44:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
        ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
data/mbedtls-2.16.5/library/aes.c:1288:44:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
        ret = mbedtls_aes_crypt_ecb( &ctx->crypt, mode, tmp, tmp );
data/mbedtls-2.16.5/library/arc4.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/aria.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/base64.c:40:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/bignum.c:57:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/camellia.c:46:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/ccm.c:49:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/chacha20.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/chachapoly.c:41:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/cmac.c:65:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/ctr_drbg.c:49:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/debug.c:37:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf    snprintf
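data/mbedtls-2.16.5/library/debug.c:110:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    ret = vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
  Triage note: unlike the macro-alias hits, this is an actual call and its
  format argument is a variable (`format`), presumably forwarded from the
  enclosing function's caller. Review should confirm that every caller
  passes a literal format string, and that `ret` is checked for a negative
  value and for truncation (ret >= DEBUG_BUF_SIZE) before `str` is used.
  Declaring the enclosing function with a printf-style format attribute
  lets the compiler's -Wformat checks cover its callers.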
data/mbedtls-2.16.5/library/des.c:46:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/dhm.c:56:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/ecjpake.c:811:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/ecp.c:100:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/entropy.c:55:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/error.c:36:26:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf snprintf
data/mbedtls-2.16.5/library/gcm.c:54:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/hmac_drbg.c:50:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/md2.c:46:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/md4.c:46:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/md5.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/nist_kw.c:51:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/oid.c:41:26:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf snprintf
data/mbedtls-2.16.5/library/pkcs5.c:54:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/poly1305.c:41:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/ripemd160.c:46:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/rsa.c:67:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/sha1.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/sha256.c:46:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/sha512.c:52:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/library/timing.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/library/timing.c:147:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#warning OpenBSD does not allow access to tick register using software version instead
  Triage note: false positive. The match is the English word "access" in
  the text of a #warning preprocessor directive, not a call to access(), so
  there is no check-then-use file race on this line.
data/mbedtls-2.16.5/library/x509.c:58:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf    printf
data/mbedtls-2.16.5/library/x509.c:59:27:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf  snprintf
data/mbedtls-2.16.5/library/x509_crl.c:57:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/mbedtls-2.16.5/library/x509_crt.c:59:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/mbedtls-2.16.5/library/x509_csr.c:57:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/mbedtls-2.16.5/library/xtea.c:40:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:38:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:39:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:39:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:40:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/hash/generic_sum.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/hash/generic_sum.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/hash/hello.c:33:30:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf       printf
data/mbedtls-2.16.5/programs/pkey/dh_client.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/dh_genprime.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/dh_server.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/ecdh_curve25519.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/ecdsa.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/gen_key.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/key_app.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/mpi_demo.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/pk_decrypt.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:33:33:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf        snprintf
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/pk_verify.c:33:33:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf        snprintf
data/mbedtls-2.16.5/programs/pkey/pk_verify.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c:33:30:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf       printf
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/rsa_genkey.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:35:33:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf        snprintf
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:33:33:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf        snprintf
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:34:33:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf        snprintf
data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c:33:33:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf        snprintf
data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/random/gen_entropy.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/random/gen_entropy.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/random/gen_random_ctr_drbg.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/random/gen_random_ctr_drbg.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/random/gen_random_havege.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/random/gen_random_havege.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/ssl/dtls_client.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/ssl/dtls_client.c:33:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:33:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/mbedtls-2.16.5/programs/ssl/mini_client.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/ssl/query_config.c:32:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:35:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:36:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:238:11:  [4] (format) sprintf:
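  Potential format string problem (CWE-134). Make format string constant.
  Reviewer note: the format argument below is the macro GET_REQUEST, whose
  expansion this report does not show; if it expands to a string literal the
  format is already constant, and the remaining question is whether the
  unbounded sprintf output always fits in buf.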
    len = sprintf( (char *) buf, GET_REQUEST );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:35:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:36:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:37:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/mbedtls-2.16.5/programs/ssl/ssl_fork_server.c:33:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/ssl/ssl_fork_server.c:34:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/ssl/ssl_fork_server.c:369:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        len = sprintf( (char *) buf, HTTP_RESPONSE,
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:40:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:41:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:665:15:  [4] (buffer) sprintf:
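  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  Reviewer note: the call below expands hostname through an unbounded %s;
  the report shows neither the size of buf nor where hostname comes from, so
  confirm that its maximum length plus the fixed text fits, or switch to
  snprintf with the buffer's size and check the return value for truncation.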
        len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:691:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:745:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        len = sprintf( (char *) buf, "%s\r\n", base );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:765:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        len = sprintf( (char *) buf, "%s\r\n", base );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:780:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    len = sprintf( (char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:793:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    len = sprintf( (char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:819:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    len = sprintf( (char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:34:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:35:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:36:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:219:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf( (char *) buf, HTTP_RESPONSE,
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:35:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:36:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:333:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf( (char *) buf, HTTP_RESPONSE,
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:37:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:38:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1547:17:  [4] (buffer) sscanf:
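  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  Reviewer note: the format in the flagged line below is "%" SCNu64, an
  integer conversion with no %s, built from a literal and a standard
  <inttypes.h> macro, so the unbounded-%s warning does not describe this
  call. What remains worth checking is range handling: the scanf family does
  not report out-of-range numeric input, which strtoull with errno does.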
            if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:3027:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf( (char *) buf, HTTP_RESPONSE,
data/mbedtls-2.16.5/programs/test/benchmark.c:34:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/test/benchmark.c:35:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/mbedtls-2.16.5/programs/test/query_compile_time_config.c:33:30:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf       printf
data/mbedtls-2.16.5/programs/test/selftest.c:71:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/test/selftest.c:72:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/mbedtls-2.16.5/programs/test/udp_proxy.c:42:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/test/zeroize.c:44:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/util/pem2der.c:35:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/util/strerror.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/mbedtls-2.16.5/programs/x509/cert_app.c:35:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf         fprintf
data/mbedtls-2.16.5/programs/x509/cert_app.c:36:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/x509/cert_req.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/x509/cert_write.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/x509/crl_app.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/programs/x509/req_app.c:33:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf          printf
data/mbedtls-2.16.5/library/ssl_tls.c:336:43:  [3] (random) random:
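  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Reviewer note: in the flagged line below, random is a parameter of type
  const unsigned char *, not a call to the C library random(); the other
  ssl_tls.c "random" hits that follow also show it as an identifier that is
  declared as a parameter or passed as an argument, so they are name matches
  rather than uses of a weak generator.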
                     const unsigned char *random, size_t rlen,
data/mbedtls-2.16.5/library/ssl_tls.c:368:53:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 )
data/mbedtls-2.16.5/library/ssl_tls.c:397:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                     const unsigned char *random, size_t rlen,
data/mbedtls-2.16.5/library/ssl_tls.c:420:28:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    memcpy( tmp + 20 + nb, random, rlen );
data/mbedtls-2.16.5/library/ssl_tls.c:496:50:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                            const unsigned char *random, size_t rlen,
data/mbedtls-2.16.5/library/ssl_tls.c:519:32:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    memcpy( tmp + md_len + nb, random, rlen );
data/mbedtls-2.16.5/library/ssl_tls.c:559:49:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                           const unsigned char *random, size_t rlen,
data/mbedtls-2.16.5/library/ssl_tls.c:563:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                             label, random, rlen, dstbuf, dlen ) );
data/mbedtls-2.16.5/library/ssl_tls.c:570:49:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                           const unsigned char *random, size_t rlen,
data/mbedtls-2.16.5/library/ssl_tls.c:574:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                             label, random, rlen, dstbuf, dlen ) );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:749:5:  [3] (random) srand:
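  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Reviewer note: this one is an actual srand() call, seeded from opt.seed;
  the file sits under programs/test, and the report does not show what the
  resulting rand() values are used for, so check that they never feed keys,
  nonces or other secrets.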
    srand( opt.seed );
data/mbedtls-2.16.5/include/mbedtls/aes.h:261:36:  [2] (buffer) char:
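  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged line below looks like a function parameter in a
  prototype; in C an array parameter is adjusted to a pointer, so [16]
  reserves no storage and is not enforced by the compiler — the thing to
  verify is that every caller passes a buffer of at least 16 bytes.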
                    const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:262:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/aes.h:309:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:353:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char data_unit[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:402:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:445:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:499:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:585:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:586:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:603:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:604:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/aes.h:618:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:619:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/aes.h:638:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:639:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/aes.h:652:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/aes.h:653:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/aesni.h:81:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/aesni.h:82:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/aesni.h:97:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_aesni_gcm_mult( unsigned char c[16],
data/mbedtls-2.16.5/include/mbedtls/aesni.h:98:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char a[16],
data/mbedtls-2.16.5/include/mbedtls/aesni.h:99:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char b[16] );
data/mbedtls-2.16.5/include/mbedtls/arc4.h:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char m[256];       /*!< permutation table */
data/mbedtls-2.16.5/include/mbedtls/aria.h:166:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/aria.h:167:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
data/mbedtls-2.16.5/include/mbedtls/aria.h:214:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/aria.h:265:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/aria.h:351:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/aria.h:352:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/blowfish.h:129:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/blowfish.h:130:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
data/mbedtls-2.16.5/include/mbedtls/blowfish.h:164:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/blowfish.h:205:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/blowfish.h:277:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/blowfish.h:278:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/include/mbedtls/camellia.h:140:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/camellia.h:141:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/camellia.h:175:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/mbedtls-2.16.5/include/mbedtls/camellia.h:222:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/mbedtls-2.16.5/include/mbedtls/camellia.h:305:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/mbedtls-2.16.5/include/mbedtls/camellia.h:306:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/mbedtls-2.16.5/include/mbedtls/chacha20.h:118:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char key[32] );
data/mbedtls-2.16.5/include/mbedtls/chacha20.h:140:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char nonce[12],
data/mbedtls-2.16.5/include/mbedtls/chacha20.h:205:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_chacha20_crypt( const unsigned char key[32],
data/mbedtls-2.16.5/include/mbedtls/chacha20.h:206:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            const unsigned char nonce[12],
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:143:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               const unsigned char key[32] );
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:171:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               const unsigned char nonce[12],
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:270:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char mac[16] );
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:303:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char nonce[12],
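data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:304:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char *aad,
  Reviewer note (not Flawfinder output): the context line is a pointer
  parameter, not a statically-sized array. The hits reported at lines 304,
  306 and 307 all precede the `tag[16]` parameter at line 308 of the same
  parameter list, so the pattern match appears to have run on to that array.
  Treat this entry as a likely duplicate of the 308 finding; for a pointer
  parameter the bound to review is the length passed alongside it, which this
  report does not show.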
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:306:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:307:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char *output,
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:308:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char tag[16] );
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:337:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char nonce[12],
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:338:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char *aad,
data/mbedtls-2.16.5/include/mbedtls/chachapoly.h:340:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char tag[16],
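data/mbedtls-2.16.5/include/mbedtls/cipher.h:306:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
  Reviewer note (not Flawfinder output): unlike the prototype hits in this
  report, this is a real fixed-size array, and its size comes from the macro
  MBEDTLS_MAX_BLOCK_LENGTH. The header line alone cannot show whether it is
  safe. Review the code that writes into `unprocessed_data` and confirm every
  copy length is checked against that macro.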
data/mbedtls-2.16.5/include/mbedtls/cipher.h:313:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
data/mbedtls-2.16.5/include/mbedtls/cipher_internal.h:85:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char data_unit[16],
data/mbedtls-2.16.5/include/mbedtls/cmac.h:63:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char       state[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/include/mbedtls/cmac.h:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char       unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
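data/mbedtls-2.16.5/include/mbedtls/cmac.h:194:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
  Reviewer note (not Flawfinder output): `key` on the context line is a
  pointer with an explicit `key_len`, not a statically-sized array. The only
  array in this declaration is `output[16]`, reported at line 196, so this
  entry appears to be the same match reported from an earlier `char` token.
  When triaging, review how the implementation uses `key_len` and whether
  callers supply a 16-byte `output`.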
data/mbedtls-2.16.5/include/mbedtls/cmac.h:195:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                              const unsigned char *input, size_t in_len,
data/mbedtls-2.16.5/include/mbedtls/cmac.h:196:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                              unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/ctr_drbg.h:171:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char counter[16];  /*!< The counter (V). */
data/mbedtls-2.16.5/include/mbedtls/des.h:133:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/mbedtls-2.16.5/include/mbedtls/des.h:149:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/mbedtls-2.16.5/include/mbedtls/des.h:162:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/mbedtls-2.16.5/include/mbedtls/des.h:176:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/mbedtls-2.16.5/include/mbedtls/des.h:190:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/mbedtls-2.16.5/include/mbedtls/des.h:201:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
data/mbedtls-2.16.5/include/mbedtls/des.h:212:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
data/mbedtls-2.16.5/include/mbedtls/des.h:223:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
data/mbedtls-2.16.5/include/mbedtls/des.h:234:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
data/mbedtls-2.16.5/include/mbedtls/des.h:250:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8],
data/mbedtls-2.16.5/include/mbedtls/des.h:251:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[8] );
data/mbedtls-2.16.5/include/mbedtls/des.h:279:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8],
data/mbedtls-2.16.5/include/mbedtls/des.h:294:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char input[8],
data/mbedtls-2.16.5/include/mbedtls/des.h:295:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[8] );
data/mbedtls-2.16.5/include/mbedtls/des.h:321:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char iv[8],
data/mbedtls-2.16.5/include/mbedtls/des.h:339:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/mbedtls-2.16.5/include/mbedtls/gcm.h:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char base_ectr[16];          /*!< The first ECTR for tag. */
data/mbedtls-2.16.5/include/mbedtls/gcm.h:73:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char y[16];                  /*!< The Y working value. */
data/mbedtls-2.16.5/include/mbedtls/gcm.h:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[16];                /*!< The buf working value. */
data/mbedtls-2.16.5/include/mbedtls/hmac_drbg.h:92:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
data/mbedtls-2.16.5/include/mbedtls/md2.h:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cksum[16];    /*!< checksum of the data block */
data/mbedtls-2.16.5/include/mbedtls/md2.h:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char state[48];    /*!< intermediate digest state  */
data/mbedtls-2.16.5/include/mbedtls/md2.h:63:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[16];   /*!< data block being processed */
data/mbedtls-2.16.5/include/mbedtls/md2.h:156:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md2.h:224:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md2.h:255:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md2_ret( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/md2.h:257:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md2.h:279:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/md2.h:281:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md4.h:64:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< data block being processed */
data/mbedtls-2.16.5/include/mbedtls/md4.h:155:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md4.h:171:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/md4.h:225:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md4.h:241:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/md4.h:260:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md4_ret( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/md4.h:262:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md4.h:284:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/md4.h:286:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md5.h:63:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
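  maximum possible length.
  Triage note (not Flawfinder output): the line quoted below is a fixed-size
  declaration (by its indentation and `/*!<` comment, apparently a structure
  member); the declaration alone cannot overflow. What needs review is the
  code that writes into `buffer`, which is not part of this header finding:
  each copy length plus the current fill offset must stay within 64 bytes.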
    unsigned char buffer[64];   /*!< data block being processed */
data/mbedtls-2.16.5/include/mbedtls/md5.h:155:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md5.h:171:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/md5.h:225:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md5.h:241:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/md5.h:260:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md5_ret( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/md5.h:262:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/md5.h:284:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/md5.h:286:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/padlock.h:95:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               const unsigned char input[16],
data/mbedtls-2.16.5/include/mbedtls/padlock.h:96:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[16] );
data/mbedtls-2.16.5/include/mbedtls/padlock.h:116:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char iv[16],
data/mbedtls-2.16.5/include/mbedtls/poly1305.h:116:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char key[32] );
data/mbedtls-2.16.5/include/mbedtls/poly1305.h:153:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char mac[16] );
data/mbedtls-2.16.5/include/mbedtls/poly1305.h:173:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_poly1305_mac( const unsigned char key[32],
data/mbedtls-2.16.5/include/mbedtls/poly1305.h:174:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/poly1305.h:176:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char mac[16] );
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< data block being processed */
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:117:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:128:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:170:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                                unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:182:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:196:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_ripemd160_ret( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:198:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:215:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/ripemd160.h:217:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                           unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/sha1.h:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< The data block being processed. */
data/mbedtls-2.16.5/include/mbedtls/sha1.h:170:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/sha1.h:188:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/sha1.h:247:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/sha1.h:264:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                              const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/sha1.h:292:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha1_ret( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/sha1.h:294:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/sha1.h:324:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/sha1.h:326:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                      unsigned char output[20] );
data/mbedtls-2.16.5/include/mbedtls/sha256.h:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< The data block being processed. */
data/mbedtls-2.16.5/include/mbedtls/sha256.h:140:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[32] );
data/mbedtls-2.16.5/include/mbedtls/sha256.h:155:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/sha256.h:204:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                               unsigned char output[32] );
data/mbedtls-2.16.5/include/mbedtls/sha256.h:218:64:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                                const unsigned char data[64] );
data/mbedtls-2.16.5/include/mbedtls/sha256.h:241:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha256_ret( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/sha256.h:243:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[32],
data/mbedtls-2.16.5/include/mbedtls/sha256.h:273:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/sha256.h:275:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char output[32],
data/mbedtls-2.16.5/include/mbedtls/sha512.h:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[128];  /*!< The data block being processed. */
data/mbedtls-2.16.5/include/mbedtls/sha512.h:142:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[64] );
data/mbedtls-2.16.5/include/mbedtls/sha512.h:156:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char data[128] );
data/mbedtls-2.16.5/include/mbedtls/sha512.h:204:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                               unsigned char output[64] );
data/mbedtls-2.16.5/include/mbedtls/sha512.h:219:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            const unsigned char data[128] );
data/mbedtls-2.16.5/include/mbedtls/sha512.h:245:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha512_ret( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/sha512.h:247:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[64],
data/mbedtls-2.16.5/include/mbedtls/sha512.h:277:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
data/mbedtls-2.16.5/include/mbedtls/sha512.h:279:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char output[64],
data/mbedtls-2.16.5/include/mbedtls/ssl.h:386:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:389:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:395:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:398:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:401:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
data/mbedtls-2.16.5/include/mbedtls/ssl.h:405:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:408:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
data/mbedtls-2.16.5/include/mbedtls/ssl.h:412:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_ecjpake[32];     /* Thread spec: SHA-256 output */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:797:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char id[32];       /*!< session identifier */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:798:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char master[48];   /*!< the master secret  */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:959:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char renego_period[8]; /*!< value of the record counters
data/mbedtls-2.16.5/include/mbedtls/ssl.h:1130:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cur_out_ctr[8]; /*!<  Outgoing record sequence  number. */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:1176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:1177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
data/mbedtls-2.16.5/include/mbedtls/ssl.h:2728:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   const unsigned char period[8] );
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:334:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:392:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char randbytes[64];        /*!<  random bytes            */
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:393:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:441:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv_enc[16];           /*!<  IV (encryption)         */
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:442:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv_dec[16];           /*!<  IV (decryption)         */
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:446:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:447:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:702:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char ver[2] );
data/mbedtls-2.16.5/include/mbedtls/ssl_internal.h:704:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       const unsigned char ver[2] );
data/mbedtls-2.16.5/include/mbedtls/ssl_ticket.h:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char name[4];          /*!< random key identifier              */
data/mbedtls-2.16.5/include/mbedtls/timing.h:48:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char opaque[32];
data/mbedtls-2.16.5/include/mbedtls/x509_crt.h:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
data/mbedtls-2.16.5/include/mbedtls/x509_crt.h:141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
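data/mbedtls-2.16.5/include/mbedtls/xtea.h:85:68:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
  Reviewer note: `key[16]` is a function parameter, so it is a pointer and the
  16 is not enforced by the compiler; no buffer is allocated at this line. The
  property to check is at the call sites: every caller must pass at least 16
  readable bytes. The same applies to the other `input[...]`, `output[...]`
  and `iv[...]` parameter hits in this report.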
data/mbedtls-2.16.5/include/mbedtls/xtea.h:99:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8],
data/mbedtls-2.16.5/include/mbedtls/xtea.h:100:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[8] );
data/mbedtls-2.16.5/include/mbedtls/xtea.h:119:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8],
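data/mbedtls-2.16.5/library/aes.c:97:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb[256] =
  Reviewer note: this is a `static const` table defined with an initializer,
  so it is read-only data rather than a copy destination; the hit comes from
  the `char` array declaration alone. What remains to review is that each
  index used to read the table stays within 0..255, which this report does
  not show.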
data/mbedtls-2.16.5/library/aes.c:228:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char RSb[256] =
data/mbedtls-2.16.5/library/aes.c:371:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char FSb[256];
data/mbedtls-2.16.5/library/aes.c:382:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char RSb[256];
data/mbedtls-2.16.5/library/aes.c:871:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/mbedtls-2.16.5/library/aes.c:872:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] )
data/mbedtls-2.16.5/library/aes.c:939:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char input[16],
data/mbedtls-2.16.5/library/aes.c:940:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char output[16] )
data/mbedtls-2.16.5/library/aes.c:951:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/mbedtls-2.16.5/library/aes.c:952:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] )
data/mbedtls-2.16.5/library/aes.c:1019:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char input[16],
data/mbedtls-2.16.5/library/aes.c:1020:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char output[16] )
data/mbedtls-2.16.5/library/aes.c:1031:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char input[16],
data/mbedtls-2.16.5/library/aes.c:1032:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           unsigned char output[16] )
data/mbedtls-2.16.5/library/aes.c:1070:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/mbedtls-2.16.5/library/aes.c:1075:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[16];
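data/mbedtls-2.16.5/library/aes.c:1103:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 16 );
  Reviewer note: the length is the constant 16, and `temp` looks like the
  16-byte array reported at aes.c:1075 (same function assumed, to be
  confirmed), so the destination holds the copy. `input` is not declared in
  this report; confirm that the code before this line guarantees 16 readable
  bytes at `input`.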
data/mbedtls-2.16.5/library/aes.c:1109:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 16 );
data/mbedtls-2.16.5/library/aes.c:1124:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 16 );
data/mbedtls-2.16.5/library/aes.c:1167:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mbedtls_be128[16];
data/mbedtls-2.16.5/library/aes.c:1177:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void mbedtls_gf128mul_x_ble( unsigned char r[16],
data/mbedtls-2.16.5/library/aes.c:1178:52:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                    const unsigned char x[16] )
data/mbedtls-2.16.5/library/aes.c:1198:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char data_unit[16],
data/mbedtls-2.16.5/library/aes.c:1205:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tweak[16];
data/mbedtls-2.16.5/library/aes.c:1206:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char prev_tweak[16];
data/mbedtls-2.16.5/library/aes.c:1207:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[16];
data/mbedtls-2.16.5/library/aes.c:1241:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( prev_tweak, tweak, sizeof( tweak ) );
data/mbedtls-2.16.5/library/aes.c:1310:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/mbedtls-2.16.5/library/aes.c:1368:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char iv[16],
data/mbedtls-2.16.5/library/aes.c:1373:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ov[17];
data/mbedtls-2.16.5/library/aes.c:1383:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ov, iv, 16 );
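data/mbedtls-2.16.5/library/aes.c:1394:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv, ov + 1, 16 );
  Reviewer note: the source range is ov[1]..ov[16]; with `ov` declared as 17
  bytes at aes.c:1373 (same function assumed, to be confirmed) the read stays
  in bounds. `iv` appears to be the `iv[16]` parameter reported at
  aes.c:1368, i.e. a pointer, so the 16 writable bytes are the caller's
  responsibility.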
data/mbedtls-2.16.5/library/aes.c:1408:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           unsigned char iv[16],
data/mbedtls-2.16.5/library/aes.c:1453:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/mbedtls-2.16.5/library/aes.c:1454:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/mbedtls-2.16.5/library/aes.c:1502:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ecb_dec[3][16] =
data/mbedtls-2.16.5/library/aes.c:1512:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ecb_enc[3][16] =
data/mbedtls-2.16.5/library/aes.c:1523:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cbc_dec[3][16] =
data/mbedtls-2.16.5/library/aes.c:1533:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cbc_enc[3][16] =
data/mbedtls-2.16.5/library/aes.c:1550:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_key[3][32] =
data/mbedtls-2.16.5/library/aes.c:1563:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_iv[16] =
data/mbedtls-2.16.5/library/aes.c:1569:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_pt[64] =
data/mbedtls-2.16.5/library/aes.c:1581:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_ct[3][64] =
data/mbedtls-2.16.5/library/aes.c:1616:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ofb_key[3][32] =
data/mbedtls-2.16.5/library/aes.c:1629:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ofb_iv[16] =
data/mbedtls-2.16.5/library/aes.c:1635:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ofb_pt[64] =
data/mbedtls-2.16.5/library/aes.c:1647:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ofb_ct[3][64] =
data/mbedtls-2.16.5/library/aes.c:1683:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_key[3][16] =
data/mbedtls-2.16.5/library/aes.c:1693:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_nonce_counter[3][16] =
data/mbedtls-2.16.5/library/aes.c:1703:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_pt[3][48] =
data/mbedtls-2.16.5/library/aes.c:1720:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_ct[3][48] =
data/mbedtls-2.16.5/library/aes.c:1814:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32];
data/mbedtls-2.16.5/library/aes.c:1815:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];
data/mbedtls-2.16.5/library/aes.c:1818:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[16];
data/mbedtls-2.16.5/library/aes.c:1821:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char prv[16];
data/mbedtls-2.16.5/library/aes.c:1831:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char nonce_counter[16];
data/mbedtls-2.16.5/library/aes.c:1832:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char stream_block[16];
data/mbedtls-2.16.5/library/aes.c:1948:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char tmp[16];
data/mbedtls-2.16.5/library/aes.c:1950:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( tmp, prv, 16 );
data/mbedtls-2.16.5/library/aes.c:1951:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( prv, buf, 16 );
data/mbedtls-2.16.5/library/aes.c:1952:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( buf, tmp, 16 );
data/mbedtls-2.16.5/library/aes.c:1989:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv,  aes_test_cfb128_iv, 16 );
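data/mbedtls-2.16.5/library/aes.c:1990:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
  Reviewer note: unlike the fixed-size copies around it, this length is
  computed. `key` appears to be the 32-byte array reported at aes.c:1814 and
  each row of `aes_test_cfb128_key` is 32 bytes (aes.c:1550), so the copy is
  in bounds as long as keybits <= 256. The assignment of `keybits` is not
  shown in this report and should be checked.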
data/mbedtls-2.16.5/library/aes.c:2011:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_cfb128_ct[u], 64 );
data/mbedtls-2.16.5/library/aes.c:2016:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_cfb128_pt, 64 );
data/mbedtls-2.16.5/library/aes.c:2052:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv,  aes_test_ofb_iv, 16 );
data/mbedtls-2.16.5/library/aes.c:2053:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, aes_test_ofb_key[u], keybits / 8 );
data/mbedtls-2.16.5/library/aes.c:2074:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_ofb_ct[u], 64 );
data/mbedtls-2.16.5/library/aes.c:2079:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_ofb_pt, 64 );
data/mbedtls-2.16.5/library/aes.c:2114:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
data/mbedtls-2.16.5/library/aes.c:2115:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, aes_test_ctr_key[u], 16 );
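data/mbedtls-2.16.5/library/aes.c:2125:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_ctr_ct[u], len );
  Reviewer note: the length is a variable. `buf` appears to be the 64-byte
  array reported at aes.c:1815 and each row of `aes_test_ctr_ct` is 48 bytes
  (aes.c:1720), so the source row is the tighter bound: the copy is in bounds
  only if len <= 48. Where `len` is set is not shown in this report.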
data/mbedtls-2.16.5/library/aes.c:2130:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_ctr_pt[u], len );
data/mbedtls-2.16.5/library/aes.c:2175:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, aes_test_xts_key[u], 32 );
data/mbedtls-2.16.5/library/aes.c:2185:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_xts_ct32[u], len );
data/mbedtls-2.16.5/library/aes.c:2193:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_xts_pt32[u], len );
data/mbedtls-2.16.5/library/aesni.c:103:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char input[16],
data/mbedtls-2.16.5/library/aesni.c:104:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/mbedtls-2.16.5/library/aesni.c:147:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_aesni_gcm_mult( unsigned char c[16],
data/mbedtls-2.16.5/library/aesni.c:148:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char a[16],
data/mbedtls-2.16.5/library/aesni.c:149:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char b[16] )
data/mbedtls-2.16.5/library/aesni.c:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aa[16], bb[16], cc[16];
data/mbedtls-2.16.5/library/aesni.c:264:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ik, fk, 16 );
data/mbedtls-2.16.5/library/aesni.c:274:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ik, fk, 16 );
data/mbedtls-2.16.5/library/arc4.c:134:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char arc4_test_key[3][8] =
data/mbedtls-2.16.5/library/arc4.c:141:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char arc4_test_pt[3][8] =
data/mbedtls-2.16.5/library/arc4.c:148:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char arc4_test_ct[3][8] =
data/mbedtls-2.16.5/library/arc4.c:161:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ibuf[8];
data/mbedtls-2.16.5/library/arc4.c:162:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char obuf[8];
data/mbedtls-2.16.5/library/arc4.c:172:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ibuf, arc4_test_pt[i], 8 );
data/mbedtls-2.16.5/library/aria.c:546:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/library/aria.c:547:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] )
data/mbedtls-2.16.5/library/aria.c:622:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/library/aria.c:627:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
data/mbedtls-2.16.5/library/aria.c:643:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, MBEDTLS_ARIA_BLOCKSIZE );
data/mbedtls-2.16.5/library/aria.c:649:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, MBEDTLS_ARIA_BLOCKSIZE );
data/mbedtls-2.16.5/library/aria.c:664:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, MBEDTLS_ARIA_BLOCKSIZE );
data/mbedtls-2.16.5/library/aria.c:684:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/library/aria.c:747:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/library/aria.c:748:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
data/mbedtls-2.16.5/library/aria.c:989:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
data/mbedtls-2.16.5/library/aria.c:1000:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
data/mbedtls-2.16.5/library/aria.c:1019:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
data/mbedtls-2.16.5/library/aria.c:1031:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE );
data/mbedtls-2.16.5/library/asn1write.c:126:5:  [2] (buffer) memcpy:
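  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note (reviewer, not Flawfinder output): the destination pointer and
  the length here are both run-time values, so this hit cannot be closed from
  the report alone. Confirm in the source that the code before line 126
  compares len with the space remaining in the output buffer.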
    memcpy( *p, buf, len );
data/mbedtls-2.16.5/library/asn1write.c:314:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( *p, buf, byte_len );
data/mbedtls-2.16.5/library/asn1write.c:386:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cur->oid.p, oid, oid_len );
data/mbedtls-2.16.5/library/asn1write.c:417:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cur->val.p, val, val_len );
data/mbedtls-2.16.5/library/base64.c:44:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char base64_enc_map[64] =
data/mbedtls-2.16.5/library/base64.c:55:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char base64_dec_map[128] =
data/mbedtls-2.16.5/library/base64.c:232:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char base64_test_dec[64] =
data/mbedtls-2.16.5/library/base64.c:255:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[128];
data/mbedtls-2.16.5/library/bignum.c:135:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( p, X->p, X->n * ciL );
data/mbedtls-2.16.5/library/bignum.c:178:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, X->p, i * ciL );
data/mbedtls-2.16.5/library/bignum.c:224:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( X->p, Y->p, i * ciL );
data/mbedtls-2.16.5/library/bignum.c:240:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &T,  X, sizeof( mbedtls_mpi ) );
data/mbedtls-2.16.5/library/bignum.c:241:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(  X,  Y, sizeof( mbedtls_mpi ) );
data/mbedtls-2.16.5/library/bignum.c:242:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(  Y, &T, sizeof( mbedtls_mpi ) );
data/mbedtls-2.16.5/library/bignum.c:669:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
data/mbedtls-2.16.5/library/bignum.c:707:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
data/mbedtls-2.16.5/library/bignum.c:857:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( Xp + overhead, buf, buflen );
data/mbedtls-2.16.5/library/bignum.c:1922:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( A->p, d, ( n + 1 ) * ciL );
data/mbedtls-2.16.5/library/bignum.c:2018:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( _RR, &RR, sizeof( mbedtls_mpi ) );
data/mbedtls-2.16.5/library/bignum.c:2021:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &RR, _RR, sizeof( mbedtls_mpi ) );
data/mbedtls-2.16.5/library/blowfish.c:241:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/library/blowfish.c:242:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
data/mbedtls-2.16.5/library/blowfish.c:276:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/library/blowfish.c:281:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
data/mbedtls-2.16.5/library/blowfish.c:296:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
data/mbedtls-2.16.5/library/blowfish.c:302:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
data/mbedtls-2.16.5/library/blowfish.c:317:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
data/mbedtls-2.16.5/library/blowfish.c:337:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/library/blowfish.c:396:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/library/blowfish.c:397:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/mbedtls-2.16.5/library/camellia.c:81:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char SIGMA_CHARS[6][8] =
data/mbedtls-2.16.5/library/camellia.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb[256] =
data/mbedtls-2.16.5/library/camellia.c:120:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb[256] =
data/mbedtls-2.16.5/library/camellia.c:140:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb2[256] =
data/mbedtls-2.16.5/library/camellia.c:160:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb3[256] =
data/mbedtls-2.16.5/library/camellia.c:180:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb4[256] =
data/mbedtls-2.16.5/library/camellia.c:207:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char shifts[2][4][4] =
data/mbedtls-2.16.5/library/camellia.c:223:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const signed char indexes[2][4][20] =
data/mbedtls-2.16.5/library/camellia.c:247:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const signed char transposes[2][20] =
data/mbedtls-2.16.5/library/camellia.c:352:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char t[64];
data/mbedtls-2.16.5/library/camellia.c:507:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[16],
data/mbedtls-2.16.5/library/camellia.c:508:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[16] )
data/mbedtls-2.16.5/library/camellia.c:576:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                unsigned char iv[16],
data/mbedtls-2.16.5/library/camellia.c:581:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[16];
data/mbedtls-2.16.5/library/camellia.c:596:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 16 );
data/mbedtls-2.16.5/library/camellia.c:602:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 16 );
data/mbedtls-2.16.5/library/camellia.c:617:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 16 );
data/mbedtls-2.16.5/library/camellia.c:637:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/mbedtls-2.16.5/library/camellia.c:695:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/mbedtls-2.16.5/library/camellia.c:696:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/mbedtls-2.16.5/library/camellia.c:748:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
data/mbedtls-2.16.5/library/camellia.c:776:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
data/mbedtls-2.16.5/library/camellia.c:784:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
data/mbedtls-2.16.5/library/camellia.c:809:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_key[3][32] =
data/mbedtls-2.16.5/library/camellia.c:824:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_iv[16] =
data/mbedtls-2.16.5/library/camellia.c:830:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
data/mbedtls-2.16.5/library/camellia.c:841:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
data/mbedtls-2.16.5/library/camellia.c:877:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_key[3][16] =
data/mbedtls-2.16.5/library/camellia.c:887:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
data/mbedtls-2.16.5/library/camellia.c:897:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_pt[3][48] =
data/mbedtls-2.16.5/library/camellia.c:914:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_ct[3][48] =
data/mbedtls-2.16.5/library/camellia.c:939:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32];
data/mbedtls-2.16.5/library/camellia.c:940:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];
data/mbedtls-2.16.5/library/camellia.c:941:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char src[16];
data/mbedtls-2.16.5/library/camellia.c:942:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char dst[16];
data/mbedtls-2.16.5/library/camellia.c:944:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[16];
data/mbedtls-2.16.5/library/camellia.c:948:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char nonce_counter[16];
data/mbedtls-2.16.5/library/camellia.c:949:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char stream_block[16];
data/mbedtls-2.16.5/library/camellia.c:965:9:  [2] (buffer) memcpy:
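  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note (reviewer, not Flawfinder output): the length is 16 + 8 * u.
  Assuming key is the 32-byte array reported at camellia.c:939, and given the
  32-byte rows of camellia_test_ecb_key reported at camellia.c:748, the copy
  stays in bounds only while u is at most 2. The loop bound on u is not shown
  in this report and should be checked in the source.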
        memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
data/mbedtls-2.16.5/library/camellia.c:969:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
data/mbedtls-2.16.5/library/camellia.c:970:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( dst, camellia_test_ecb_plain[i], 16 );
data/mbedtls-2.16.5/library/camellia.c:973:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( src, camellia_test_ecb_plain[i], 16 );
data/mbedtls-2.16.5/library/camellia.c:974:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
data/mbedtls-2.16.5/library/camellia.c:1008:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( src, camellia_test_cbc_iv, 16 );
data/mbedtls-2.16.5/library/camellia.c:1009:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( dst, camellia_test_cbc_iv, 16 );
data/mbedtls-2.16.5/library/camellia.c:1010:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
data/mbedtls-2.16.5/library/camellia.c:1021:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( iv , src, 16 );
data/mbedtls-2.16.5/library/camellia.c:1022:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
data/mbedtls-2.16.5/library/camellia.c:1023:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( dst, camellia_test_cbc_plain[i], 16 );
data/mbedtls-2.16.5/library/camellia.c:1025:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( iv , dst, 16 );
data/mbedtls-2.16.5/library/camellia.c:1026:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( src, camellia_test_cbc_plain[i], 16 );
data/mbedtls-2.16.5/library/camellia.c:1027:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
data/mbedtls-2.16.5/library/camellia.c:1062:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
data/mbedtls-2.16.5/library/camellia.c:1063:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, camellia_test_ctr_key[u], 16 );
data/mbedtls-2.16.5/library/camellia.c:1071:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, camellia_test_ctr_ct[u], len );
data/mbedtls-2.16.5/library/camellia.c:1087:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, camellia_test_ctr_pt[u], len );
data/mbedtls-2.16.5/library/ccm.c:162:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char b[16];
data/mbedtls-2.16.5/library/ccm.c:163:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char y[16];
data/mbedtls-2.16.5/library/ccm.c:164:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ctr[16];
data/mbedtls-2.16.5/library/ccm.c:204:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( b + 1, iv, iv_len );
data/mbedtls-2.16.5/library/ccm.c:232:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( b + 2, src, use_len );
data/mbedtls-2.16.5/library/ccm.c:243:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( b, src, use_len );
data/mbedtls-2.16.5/library/ccm.c:262:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctr + 1, iv, iv_len );
data/mbedtls-2.16.5/library/ccm.c:283:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( b, src, use_len );
data/mbedtls-2.16.5/library/ccm.c:292:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( b, dst, use_len );
data/mbedtls-2.16.5/library/ccm.c:316:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tag, y, tag_len );
data/mbedtls-2.16.5/library/ccm.c:369:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char check_tag[16];
data/mbedtls-2.16.5/library/ccm.c:448:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char msg[CCM_SELFTEST_PT_MAX_LEN] = {
data/mbedtls-2.16.5/library/ccm.c:459:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char res[NB_TESTS][CCM_SELFTEST_CT_MAX_LEN] = {
data/mbedtls-2.16.5/library/ccm.c:478:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char plaintext[CCM_SELFTEST_PT_MAX_LEN];
data/mbedtls-2.16.5/library/ccm.c:479:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ciphertext[CCM_SELFTEST_CT_MAX_LEN];
data/mbedtls-2.16.5/library/ccm.c:500:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( plaintext, msg, msg_len[i] );
data/mbedtls-2.16.5/library/chacha20.c:146:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char keystream[64] )
data/mbedtls-2.16.5/library/chacha20.c:151:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( working_state,
data/mbedtls-2.16.5/library/chacha20.c:208:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            const unsigned char key[32] )
data/mbedtls-2.16.5/library/chacha20.c:233:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char nonce[12],
data/mbedtls-2.16.5/library/chacha20.c:320:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_chacha20_crypt( const unsigned char key[32],
data/mbedtls-2.16.5/library/chacha20.c:321:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            const unsigned char nonce[12],
data/mbedtls-2.16.5/library/chacha20.c:356:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_keys[2][32] =
data/mbedtls-2.16.5/library/chacha20.c:372:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_nonces[2][12] =
data/mbedtls-2.16.5/library/chacha20.c:390:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_input[2][375] =
data/mbedtls-2.16.5/library/chacha20.c:453:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_output[2][375] =
data/mbedtls-2.16.5/library/chacha20.c:537:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[381];
data/mbedtls-2.16.5/library/chachapoly.c:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeroes[15];
data/mbedtls-2.16.5/library/chachapoly.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeroes[15];
data/mbedtls-2.16.5/library/chachapoly.c:123:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               const unsigned char key[32] )
data/mbedtls-2.16.5/library/chachapoly.c:135:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               const unsigned char nonce[12],
data/mbedtls-2.16.5/library/chachapoly.c:139:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char poly1305_key[64];
data/mbedtls-2.16.5/library/chachapoly.c:241:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char mac[16] )
data/mbedtls-2.16.5/library/chachapoly.c:244:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char len_block[16];
data/mbedtls-2.16.5/library/chachapoly.c:300:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char nonce[12],
data/mbedtls-2.16.5/library/chachapoly.c:301:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char *aad,
data/mbedtls-2.16.5/library/chachapoly.c:303:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char *input,
data/mbedtls-2.16.5/library/chachapoly.c:304:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char *output,
data/mbedtls-2.16.5/library/chachapoly.c:305:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char tag[16] )
data/mbedtls-2.16.5/library/chachapoly.c:329:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char nonce[12],
data/mbedtls-2.16.5/library/chachapoly.c:330:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char *aad,
data/mbedtls-2.16.5/library/chachapoly.c:332:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char *input,
data/mbedtls-2.16.5/library/chachapoly.c:333:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char *output,
data/mbedtls-2.16.5/library/chachapoly.c:334:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char tag[16] )
data/mbedtls-2.16.5/library/chachapoly.c:350:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char nonce[12],
data/mbedtls-2.16.5/library/chachapoly.c:351:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char *aad,
data/mbedtls-2.16.5/library/chachapoly.c:353:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char tag[16],
data/mbedtls-2.16.5/library/chachapoly.c:358:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char check_tag[16];
data/mbedtls-2.16.5/library/chachapoly.c:392:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_key[1][32] =
data/mbedtls-2.16.5/library/chachapoly.c:402:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_nonce[1][12] =
data/mbedtls-2.16.5/library/chachapoly.c:410:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_aad[1][12] =
data/mbedtls-2.16.5/library/chachapoly.c:423:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_input[1][114] =
data/mbedtls-2.16.5/library/chachapoly.c:444:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_output[1][114] =
data/mbedtls-2.16.5/library/chachapoly.c:470:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_mac[1][16] =
data/mbedtls-2.16.5/library/chachapoly.c:496:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[200];
data/mbedtls-2.16.5/library/chachapoly.c:497:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac[16];
data/mbedtls-2.16.5/library/cipher.c:289:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ctx->iv, iv, actual_iv_size );
data/mbedtls-2.16.5/library/cipher.c:424:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
data/mbedtls-2.16.5/library/cipher.c:438:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
data/mbedtls-2.16.5/library/cipher.c:473:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
data/mbedtls-2.16.5/library/cipher.c:932:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char check_tag[16];
data/mbedtls-2.16.5/library/cipher_wrap.c:175:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               const unsigned char data_unit[16],
data/mbedtls-2.16.5/library/cmac.c:140:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/library/cmac.c:184:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
data/mbedtls-2.16.5/library/cmac.c:263:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
data/mbedtls-2.16.5/library/cmac.c:300:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
data/mbedtls-2.16.5/library/cmac.c:315:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/library/cmac.c:316:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/library/cmac.c:317:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/library/cmac.c:355:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, state, block_size );
data/mbedtls-2.16.5/library/cmac.c:432:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
data/mbedtls-2.16.5/library/cmac.c:433:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
data/mbedtls-2.16.5/library/cmac.c:449:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE );
data/mbedtls-2.16.5/library/cmac.c:512:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_128_key[16] = {
data/mbedtls-2.16.5/library/cmac.c:516:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:528:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:552:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_192_key[24] = {
data/mbedtls-2.16.5/library/cmac.c:557:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:569:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:593:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_256_key[32] = {
data/mbedtls-2.16.5/library/cmac.c:599:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:611:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:645:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_2key_key[24] = {
data/mbedtls-2.16.5/library/cmac.c:653:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_2key_subkeys[2][8] = {
data/mbedtls-2.16.5/library/cmac.c:663:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:683:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_3key_key[24] = {
data/mbedtls-2.16.5/library/cmac.c:691:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_3key_subkeys[2][8] = {
data/mbedtls-2.16.5/library/cmac.c:701:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
data/mbedtls-2.16.5/library/cmac.c:745:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char PRFT[NB_PRF_TESTS][16] = {
data/mbedtls-2.16.5/library/cmac.c:773:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/library/cmac.c:774:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/library/cmac.c:854:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/mbedtls-2.16.5/library/cmac.c:898:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
data/mbedtls-2.16.5/library/ctr_drbg.c:95:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
data/mbedtls-2.16.5/library/ctr_drbg.c:96:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
data/mbedtls-2.16.5/library/ctr_drbg.c:97:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
data/mbedtls-2.16.5/library/ctr_drbg.c:98:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
data/mbedtls-2.16.5/library/ctr_drbg.c:126:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, data, data_len );
data/mbedtls-2.16.5/library/ctr_drbg.c:162:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
data/mbedtls-2.16.5/library/ctr_drbg.c:186:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
data/mbedtls-2.16.5/library/ctr_drbg.c:218:46:  [2] (buffer) char:
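  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged declarator sits in a parameter list, where an
  array type is adjusted to a pointer. The size is documentation only and
  the compiler does not enforce it, so triage by checking that every caller
  passes at least MBEDTLS_CTR_DRBG_SEEDLEN readable bytes.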
                              const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
data/mbedtls-2.16.5/library/ctr_drbg.c:220:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
data/mbedtls-2.16.5/library/ctr_drbg.c:253:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
data/mbedtls-2.16.5/library/ctr_drbg.c:276:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
data/mbedtls-2.16.5/library/ctr_drbg.c:320:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
data/mbedtls-2.16.5/library/ctr_drbg.c:346:9:  [2] (buffer) memcpy:
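  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: both the offset (seedlen) and the length (len) are runtime
  values, and the excerpt does not show a bounds check. Confirm in the
  source that seedlen + len cannot exceed the size of `seed`, presumably the
  MBEDTLS_CTR_DRBG_MAX_SEED_INPUT-byte array reported at ctr_drbg.c:320.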
        memcpy( seed + seedlen, additional, len );
data/mbedtls-2.16.5/library/ctr_drbg.c:386:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
data/mbedtls-2.16.5/library/ctr_drbg.c:450:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
data/mbedtls-2.16.5/library/ctr_drbg.c:452:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
data/mbedtls-2.16.5/library/ctr_drbg.c:502:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, tmp, use_len );
data/mbedtls-2.16.5/library/ctr_drbg.c:543:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
data/mbedtls-2.16.5/library/ctr_drbg.c:545:15:  [2] (misc) fopen:
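  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: mode "wb" creates or truncates whatever `path` resolves to,
  and fopen applies no restrictive permissions of its own. This looks like
  the CTR_DRBG seed-file write path (confirm in the source); if so, the file
  holds seed material, so `path` should come from trusted configuration and
  sit in a directory that only the owning account can write.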
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/mbedtls-2.16.5/library/ctr_drbg.c:568:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
data/mbedtls-2.16.5/library/ctr_drbg.c:571:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/mbedtls-2.16.5/library/ctr_drbg.c:602:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char entropy_source_pr[96] =
data/mbedtls-2.16.5/library/ctr_drbg.c:616:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char entropy_source_nopr[64] =
data/mbedtls-2.16.5/library/ctr_drbg.c:626:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char nonce_pers_pr[16] =
data/mbedtls-2.16.5/library/ctr_drbg.c:630:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char nonce_pers_nopr[16] =
data/mbedtls-2.16.5/library/ctr_drbg.c:634:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_pr[16] =
data/mbedtls-2.16.5/library/ctr_drbg.c:638:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_nopr[16] =
data/mbedtls-2.16.5/library/ctr_drbg.c:647:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, p + test_offset, len );
data/mbedtls-2.16.5/library/ctr_drbg.c:665:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[16];
data/mbedtls-2.16.5/library/debug.c:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
data/mbedtls-2.16.5/library/debug.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/mbedtls-2.16.5/library/debug.c:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/mbedtls-2.16.5/library/debug.c:155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/mbedtls-2.16.5/library/debug.c:156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char txt[17];
data/mbedtls-2.16.5/library/debug.c:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/mbedtls-2.16.5/library/debug.c:238:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/mbedtls-2.16.5/library/debug.c:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[16];
data/mbedtls-2.16.5/library/debug.c:345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/mbedtls-2.16.5/library/debug.c:357:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( str, start, len );
data/mbedtls-2.16.5/library/debug.c:371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/mbedtls-2.16.5/library/debug.c:385:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1024];
data/mbedtls-2.16.5/library/des.c:338:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
data/mbedtls-2.16.5/library/des.c:349:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/mbedtls-2.16.5/library/des.c:360:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/mbedtls-2.16.5/library/des.c:394:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
data/mbedtls-2.16.5/library/des.c:415:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/mbedtls-2.16.5/library/des.c:427:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/mbedtls-2.16.5/library/des.c:500:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/mbedtls-2.16.5/library/des.c:510:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/mbedtls-2.16.5/library/des.c:527:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
data/mbedtls-2.16.5/library/des.c:554:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
data/mbedtls-2.16.5/library/des.c:568:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
data/mbedtls-2.16.5/library/des.c:580:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char key[24] )
data/mbedtls-2.16.5/library/des.c:605:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
data/mbedtls-2.16.5/library/des.c:619:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
data/mbedtls-2.16.5/library/des.c:634:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8],
data/mbedtls-2.16.5/library/des.c:635:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[8] )
data/mbedtls-2.16.5/library/des.c:669:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8],
data/mbedtls-2.16.5/library/des.c:674:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[8];
data/mbedtls-2.16.5/library/des.c:687:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 8 );
data/mbedtls-2.16.5/library/des.c:698:13:  [2] (buffer) memcpy:
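  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the length is the constant 8 and `temp` appears to be the
  8-byte local reported at des.c:674, so the destination bound holds. What
  remains to verify is that `input` always has at least 8 readable bytes at
  this point.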
            memcpy( temp, input, 8 );
data/mbedtls-2.16.5/library/des.c:704:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 8 );
data/mbedtls-2.16.5/library/des.c:721:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char input[8],
data/mbedtls-2.16.5/library/des.c:722:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[8] )
data/mbedtls-2.16.5/library/des.c:768:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char iv[8],
data/mbedtls-2.16.5/library/des.c:773:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[8];
data/mbedtls-2.16.5/library/des.c:786:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 8 );
data/mbedtls-2.16.5/library/des.c:797:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 8 );
data/mbedtls-2.16.5/library/des.c:803:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 8 );
data/mbedtls-2.16.5/library/des.c:823:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_keys[24] =
data/mbedtls-2.16.5/library/des.c:830:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_buf[8] =
data/mbedtls-2.16.5/library/des.c:835:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_ecb_dec[3][8] =
data/mbedtls-2.16.5/library/des.c:842:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_ecb_enc[3][8] =
data/mbedtls-2.16.5/library/des.c:850:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_iv[8] =
data/mbedtls-2.16.5/library/des.c:855:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_cbc_dec[3][8] =
data/mbedtls-2.16.5/library/des.c:862:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_cbc_enc[3][8] =
data/mbedtls-2.16.5/library/des.c:878:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[8];
data/mbedtls-2.16.5/library/des.c:880:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char prv[8];
data/mbedtls-2.16.5/library/des.c:881:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[8];
data/mbedtls-2.16.5/library/des.c:899:9:  [2] (buffer) memcpy:
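  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is the constant 8; this report lists the source
  des3_test_buf as [8] and an `unsigned char buf[8]` at des.c:878. If that buf
  is the one in scope at this line (confirm in des.c), source and destination
  are both exactly 8 bytes and the copy cannot overrun either.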
        memcpy( buf, des3_test_buf, 8 );
data/mbedtls-2.16.5/library/des.c:972:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv,  des3_test_iv,  8 );
data/mbedtls-2.16.5/library/des.c:973:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( prv, des3_test_iv,  8 );
data/mbedtls-2.16.5/library/des.c:974:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf, des3_test_buf, 8 );
data/mbedtls-2.16.5/library/des.c:1020:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char tmp[8];
data/mbedtls-2.16.5/library/des.c:1027:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( tmp, prv, 8 );
data/mbedtls-2.16.5/library/des.c:1028:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( prv, buf, 8 );
data/mbedtls-2.16.5/library/des.c:1029:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( buf, tmp, 8 );
data/mbedtls-2.16.5/library/des.c:1032:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, prv, 8 );
data/mbedtls-2.16.5/library/dhm.c:585:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/mbedtls-2.16.5/library/ecdsa.c:422:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
data/mbedtls-2.16.5/library/ecdsa.c:712:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
data/mbedtls-2.16.5/library/ecdsa.c:723:5:  [2] (buffer) memcpy:
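  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: unlike the fixed-length copies above, both the length and the
  destination are run-time values here. The local buf at ecdsa.c:712 is sized
  MBEDTLS_ECDSA_MAX_LEN, so if p points into it (presumably; confirm), len is
  bounded by that constant and the thing to verify is that every caller's sig
  buffer is at least that large.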
    memcpy( sig, p, len );
data/mbedtls-2.16.5/library/ecjpake.c:203:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ECJPAKE_HASH_BUF_LEN];
data/mbedtls-2.16.5/library/ecjpake.c:207:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/ecjpake.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, id, id_len );
data/mbedtls-2.16.5/library/ecjpake.c:756:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
data/mbedtls-2.16.5/library/ecjpake.c:983:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( out, &x, use_len );
data/mbedtls-2.16.5/library/ecjpake.c:1010:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512], pms[32];
data/mbedtls-2.16.5/library/ecp.c:1863:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   unsigned char k[COMB_MAX_D + 1],
data/mbedtls-2.16.5/library/ecp.c:1916:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char k[COMB_MAX_D + 1];
data/mbedtls-2.16.5/library/ecp_curves.c:1205:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
data/mbedtls-2.16.5/library/ecp_curves.c:1252:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
data/mbedtls-2.16.5/library/ecp_curves.c:1310:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + P448_WIDTH, M.n * sizeof( mbedtls_mpi_uint ) );
data/mbedtls-2.16.5/library/ecp_curves.c:1378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
data/mbedtls-2.16.5/library/ecp_curves.c:1400:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
data/mbedtls-2.16.5/library/entropy.c:183:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[2];
data/mbedtls-2.16.5/library/entropy.c:184:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/mbedtls-2.16.5/library/entropy.c:262:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
data/mbedtls-2.16.5/library/entropy.c:330:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/mbedtls-2.16.5/library/entropy.c:427:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, buf, len );
data/mbedtls-2.16.5/library/entropy.c:446:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/mbedtls-2.16.5/library/entropy.c:468:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/mbedtls-2.16.5/library/entropy.c:470:15:  [2] (misc) fopen:
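  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: this one opens for writing ("wb"), which deserves more
  attention than the read-only fopen findings: plain fopen follows symlinks
  and creates the file with permissions limited only by the process umask.
  What is written is not shown in this report; if it is seed material, check
  that callers keep the path in a directory only the owning account can write
  and set a restrictive umask before the call.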
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/mbedtls-2.16.5/library/entropy.c:496:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
data/mbedtls-2.16.5/library/entropy.c:498:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/mbedtls-2.16.5/library/entropy.c:599:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf0[2 * sizeof( unsigned long long int )];
data/mbedtls-2.16.5/library/entropy.c:600:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf1[2 * sizeof( unsigned long long int )];
data/mbedtls-2.16.5/library/entropy.c:649:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
data/mbedtls-2.16.5/library/entropy.c:650:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
data/mbedtls-2.16.5/library/entropy_poll.c:143:12:  [2] (misc) fopen:
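  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the path is a string literal, so it is not caller-controlled.
  The remaining exposure is environmental: in a chroot or container where
  /dev/urandom is missing or is not the kernel device, the open fails or
  yields non-random bytes. Confirm in entropy_poll.c that a failed open or
  short read is returned to the caller as an error rather than ignored.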
    file = fopen( "/dev/urandom", "rb" );
data/mbedtls-2.16.5/library/entropy_poll.c:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, &timer, sizeof(unsigned long) );
data/mbedtls-2.16.5/library/entropy_poll.c:217:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/mbedtls-2.16.5/library/entropy_poll.c:229:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, buf, use_len );
data/mbedtls-2.16.5/library/gcm.c:111:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h[16];
data/mbedtls-2.16.5/library/gcm.c:219:64:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
data/mbedtls-2.16.5/library/gcm.c:220:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      unsigned char output[16] )
data/mbedtls-2.16.5/library/gcm.c:228:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char h[16];
data/mbedtls-2.16.5/library/gcm.c:283:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char work_buf[16];
data/mbedtls-2.16.5/library/gcm.c:310:9:  [2] (buffer) memcpy:
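  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the destination is a field of the context structure and the
  length is the caller's iv_len. Neither the size of ctx->y nor any guard on
  iv_len is visible in this report, so this finding needs the surrounding
  lines of gcm.c: confirm the copy is reached only for an IV length that fits
  the field.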
        memcpy( ctx->y, iv, iv_len );
data/mbedtls-2.16.5/library/gcm.c:368:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ectr[16];
data/mbedtls-2.16.5/library/gcm.c:429:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char work_buf[16];
data/mbedtls-2.16.5/library/gcm.c:443:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tag, ctx->base_ectr, tag_len );
data/mbedtls-2.16.5/library/gcm.c:511:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char check_tag[16];
data/mbedtls-2.16.5/library/gcm.c:563:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char key[MAX_TESTS][32] =
data/mbedtls-2.16.5/library/gcm.c:581:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char iv[MAX_TESTS][64] =
data/mbedtls-2.16.5/library/gcm.c:603:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char additional[MAX_TESTS][64] =
data/mbedtls-2.16.5/library/gcm.c:617:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char pt[MAX_TESTS][64] =
data/mbedtls-2.16.5/library/gcm.c:631:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ct[MAX_TESTS * 3][64] =
data/mbedtls-2.16.5/library/gcm.c:740:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char tag[MAX_TESTS * 3][16] =
data/mbedtls-2.16.5/library/gcm.c:783:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];
data/mbedtls-2.16.5/library/gcm.c:784:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tag_buf[16];
data/mbedtls-2.16.5/library/havege.c:244:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, &val, use_len );
data/mbedtls-2.16.5/library/hkdf.c:39:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char prk[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/hkdf.c:59:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
data/mbedtls-2.16.5/library/hkdf.c:95:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char t[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/hkdf.c:180:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( okm + where, t, num_to_copy );
data/mbedtls-2.16.5/library/hmac_drbg.c:75:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sep[1];
data/mbedtls-2.16.5/library/hmac_drbg.c:76:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/hmac_drbg.c:160:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
data/mbedtls-2.16.5/library/hmac_drbg.c:215:9:  [2] (buffer) memcpy:
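  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the write starts at an offset (seed + seedlen) and its length
  is a run-time value, so the bound to verify is seedlen + len, not len alone.
  The report lists seed as [MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT] at
  hmac_drbg.c:160; if that is the array in scope here, check that the sum is
  compared against that constant before this line is reached.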
        memcpy( seed + seedlen, additional, len );
data/mbedtls-2.16.5/library/hmac_drbg.c:378:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( out, ctx->V, use_len );
data/mbedtls-2.16.5/library/hmac_drbg.c:439:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
data/mbedtls-2.16.5/library/hmac_drbg.c:441:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/mbedtls-2.16.5/library/hmac_drbg.c:467:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
data/mbedtls-2.16.5/library/hmac_drbg.c:470:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/mbedtls-2.16.5/library/hmac_drbg.c:520:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_pr[OUTPUT_LEN] = {
data/mbedtls-2.16.5/library/hmac_drbg.c:535:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_nopr[OUTPUT_LEN] = {
data/mbedtls-2.16.5/library/hmac_drbg.c:550:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, p + test_offset, len );
data/mbedtls-2.16.5/library/hmac_drbg.c:568:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[OUTPUT_LEN];
data/mbedtls-2.16.5/library/md.c:285:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/library/md.c:290:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/mbedtls-2.16.5/library/md.c:322:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/md.c:377:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/md2.c:52:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char PI_SUBST[256] =
data/mbedtls-2.16.5/library/md2.c:183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ctx->buffer + ctx->left, input, fill );
data/mbedtls-2.16.5/library/md2.c:213:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] )
data/mbedtls-2.16.5/library/md2.c:227:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctx->buffer, ctx->cksum, 16 );
data/mbedtls-2.16.5/library/md2.c:231:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, ctx->state, 16 );
data/mbedtls-2.16.5/library/md2.c:238:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         unsigned char output[16] )
data/mbedtls-2.16.5/library/md2.c:249:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md2_ret( const unsigned char *input,
data/mbedtls-2.16.5/library/md2.c:251:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/mbedtls-2.16.5/library/md2.c:274:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_md2( const unsigned char *input,
data/mbedtls-2.16.5/library/md2.c:276:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char output[16] )
data/mbedtls-2.16.5/library/md2.c:287:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md2_test_str[7][81] =
data/mbedtls-2.16.5/library/md2.c:304:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md2_test_sum[7][16] =
data/mbedtls-2.16.5/library/md2.c:328:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md2sum[16];
data/mbedtls-2.16.5/library/md4.c:119:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] )
data/mbedtls-2.16.5/library/md4.c:242:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char data[64] )
data/mbedtls-2.16.5/library/md4.c:274:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left),
data/mbedtls-2.16.5/library/md4.c:296:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left),
data/mbedtls-2.16.5/library/md4.c:312:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md4_padding[64] =
data/mbedtls-2.16.5/library/md4.c:324:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] )
data/mbedtls-2.16.5/library/md4.c:329:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[8];
data/mbedtls-2.16.5/library/md4.c:359:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         unsigned char output[16] )
data/mbedtls-2.16.5/library/md4.c:370:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md4_ret( const unsigned char *input,
data/mbedtls-2.16.5/library/md4.c:372:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/mbedtls-2.16.5/library/md4.c:395:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_md4( const unsigned char *input,
data/mbedtls-2.16.5/library/md4.c:397:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char output[16] )
data/mbedtls-2.16.5/library/md4.c:408:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md4_test_str[7][81] =
data/mbedtls-2.16.5/library/md4.c:425:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md4_test_sum[7][16] =
data/mbedtls-2.16.5/library/md4.c:449:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md4sum[16];
data/mbedtls-2.16.5/library/md5.c:118:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] )
data/mbedtls-2.16.5/library/md5.c:248:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char data[64] )
data/mbedtls-2.16.5/library/md5.c:280:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/mbedtls-2.16.5/library/md5.c:300:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/mbedtls-2.16.5/library/md5.c:319:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] )
data/mbedtls-2.16.5/library/md5.c:374:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         unsigned char output[16] )
data/mbedtls-2.16.5/library/md5.c:385:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md5_ret( const unsigned char *input,
data/mbedtls-2.16.5/library/md5.c:387:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/mbedtls-2.16.5/library/md5.c:410:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_md5( const unsigned char *input,
data/mbedtls-2.16.5/library/md5.c:412:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char output[16] )
data/mbedtls-2.16.5/library/md5.c:422:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md5_test_buf[7][81] =
data/mbedtls-2.16.5/library/md5.c:439:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md5_test_sum[7][16] =
data/mbedtls-2.16.5/library/md5.c:463:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md5sum[16];
data/mbedtls-2.16.5/library/memory_buffer_alloc.c:655:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/library/net_sockets.c:347:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1] = { 0 };
data/mbedtls-2.16.5/library/net_sockets.c:410:13:  [2] (buffer) memcpy:
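  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the copy length is `*ip_len`, read through a pointer, and the
  destination is `client_ip`; this report shows neither buffer's capacity.
  Confirm in the lines before 410 that `*ip_len` is compared with the size
  of the caller's buffer before the copy. The same applies to the memcpy
  reported at line 420.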
            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
data/mbedtls-2.16.5/library/net_sockets.c:420:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
data/mbedtls-2.16.5/library/nist_kw.c:172:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void calc_a_xor_t( unsigned char A[KW_SEMIBLOCK_LENGTH], uint64_t t )
data/mbedtls-2.16.5/library/nist_kw.c:195:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
data/mbedtls-2.16.5/library/nist_kw.c:196:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
data/mbedtls-2.16.5/library/nist_kw.c:224:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( output, NIST_KW_ICV1, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:252:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( output, NIST_KW_ICV2, KW_SEMIBLOCK_LENGTH / 2 );
data/mbedtls-2.16.5/library/nist_kw.c:256:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( output + KW_SEMIBLOCK_LENGTH, input, in_len );
data/mbedtls-2.16.5/library/nist_kw.c:266:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( inbuff, output, 16 );
data/mbedtls-2.16.5/library/nist_kw.c:286:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:287:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R2, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:294:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:297:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( R2, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:327:35:  [2] (buffer) char:
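  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the quoted line 327 declares `input` as a pointer, not an
  array. The only array declarator visible nearby is A[KW_SEMIBLOCK_LENGTH]
  on line 328, which has its own finding directly below. This hit therefore
  looks like a duplicate produced by the pattern match; confirm against the
  source before spending time on it.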
                   const unsigned char *input, size_t semiblocks,
data/mbedtls-2.16.5/library/nist_kw.c:328:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                   unsigned char A[KW_SEMIBLOCK_LENGTH],
data/mbedtls-2.16.5/library/nist_kw.c:335:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
data/mbedtls-2.16.5/library/nist_kw.c:336:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char inbuff[KW_SEMIBLOCK_LENGTH * 2];
data/mbedtls-2.16.5/library/nist_kw.c:345:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( A, input, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:353:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( inbuff, A, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:354:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( inbuff + KW_SEMIBLOCK_LENGTH, R, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:361:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:364:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( R, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:394:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char A[KW_SEMIBLOCK_LENGTH];
data/mbedtls-2.16.5/library/nist_kw.c:452:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char outbuff[KW_SEMIBLOCK_LENGTH * 2];
data/mbedtls-2.16.5/library/nist_kw.c:458:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( A, outbuff, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:459:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( output, outbuff + KW_SEMIBLOCK_LENGTH, KW_SEMIBLOCK_LENGTH );
data/mbedtls-2.16.5/library/nist_kw.c:547:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char kw_key[KW_TESTS][32] = {
data/mbedtls-2.16.5/library/nist_kw.c:559:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char kw_msg[KW_TESTS][40] = {
data/mbedtls-2.16.5/library/nist_kw.c:574:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char kw_res[KW_TESTS][48] = {
data/mbedtls-2.16.5/library/nist_kw.c:590:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char kwp_key[KW_TESTS][32] = {
data/mbedtls-2.16.5/library/nist_kw.c:602:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char kwp_msg[KW_TESTS][31] = {
data/mbedtls-2.16.5/library/nist_kw.c:613:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char kwp_res[KW_TESTS][48] = {
data/mbedtls-2.16.5/library/nist_kw.c:630:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char out[48];
data/mbedtls-2.16.5/library/padlock.c:82:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       const unsigned char input[16],
data/mbedtls-2.16.5/library/padlock.c:83:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char output[16] )
data/mbedtls-2.16.5/library/padlock.c:89:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[256];
data/mbedtls-2.16.5/library/padlock.c:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( blk, input, 16 );
data/mbedtls-2.16.5/library/padlock.c:112:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, blk, 16 );
data/mbedtls-2.16.5/library/padlock.c:123:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/mbedtls-2.16.5/library/padlock.c:132:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[256];
data/mbedtls-2.16.5/library/padlock.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( iw, iv, 16 );
data/mbedtls-2.16.5/library/padlock.c:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( iv, iw, 16 );
data/mbedtls-2.16.5/library/pem.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md5sum[16];
data/mbedtls-2.16.5/library/pem.c:106:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, md5sum, keylen );
data/mbedtls-2.16.5/library/pem.c:110:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( key, md5sum, 16 );
data/mbedtls-2.16.5/library/pem.c:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( key + 16, md5sum, use_len );
data/mbedtls-2.16.5/library/pem.c:143:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int pem_des_decrypt( unsigned char des_iv[8],
data/mbedtls-2.16.5/library/pem.c:148:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char des_key[8];
data/mbedtls-2.16.5/library/pem.c:171:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int pem_des3_decrypt( unsigned char des3_iv[8],
data/mbedtls-2.16.5/library/pem.c:176:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char des3_key[24];
data/mbedtls-2.16.5/library/pem.c:201:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
data/mbedtls-2.16.5/library/pem.c:206:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aes_key[32];
data/mbedtls-2.16.5/library/pem.c:240:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pem_iv[16];
data/mbedtls-2.16.5/library/pem.c:466:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, header, strlen( header ) );
data/mbedtls-2.16.5/library/pem.c:473:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, c, len );
data/mbedtls-2.16.5/library/pem.c:480:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, footer, strlen( footer ) );
data/mbedtls-2.16.5/library/pk_wrap.c:647:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/library/pk_wrap.c:648:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/library/pkcs11.c:221:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, oid, oid_size );
data/mbedtls-2.16.5/library/pkcs11.c:229:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, hash, hashlen );
data/mbedtls-2.16.5/library/pkcs12.c:97:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
data/mbedtls-2.16.5/library/pkcs12.c:149:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[16];
data/mbedtls-2.16.5/library/pkcs12.c:181:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32];
data/mbedtls-2.16.5/library/pkcs12.c:182:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[16];
data/mbedtls-2.16.5/library/pkcs12.c:242:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, filler, use_len );
data/mbedtls-2.16.5/library/pkcs12.c:256:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char diversifier[128];
data/mbedtls-2.16.5/library/pkcs12.c:257:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char salt_block[128], pwd_block[128], hash_block[128];
data/mbedtls-2.16.5/library/pkcs12.c:258:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/pkcs12.c:318:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, hash_output, use_len );
data/mbedtls-2.16.5/library/pkcs5.c:123:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32], iv[32];
data/mbedtls-2.16.5/library/pkcs5.c:191:5:  [2] (buffer) memcpy:
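  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the copy length is `enc_scheme_params.len`, a struct field
  whose origin this report does not show. If `iv` is the 32-byte array
  reported at pkcs5.c:123, confirm that the length is bounded by that size
  before the copy on line 191.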
    memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
data/mbedtls-2.16.5/library/pkcs5.c:227:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md1[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/pkcs5.c:228:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char work[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/pkcs5.c:232:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char counter[4];
data/mbedtls-2.16.5/library/pkcs5.c:258:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( md1, work, md_size );
data/mbedtls-2.16.5/library/pkcs5.c:280:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( out_p, work, use_len );
data/mbedtls-2.16.5/library/pkcs5.c:310:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char password[MAX_TESTS][32] =
data/mbedtls-2.16.5/library/pkcs5.c:322:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char salt[MAX_TESTS][40] =
data/mbedtls-2.16.5/library/pkcs5.c:337:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_key[MAX_TESTS][32] =
data/mbedtls-2.16.5/library/pkcs5.c:361:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[64];
data/mbedtls-2.16.5/library/pkparse.c:87:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/mbedtls-2.16.5/library/pkparse.c:1365:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key_copy, key, keylen );
data/mbedtls-2.16.5/library/pkwrite.c:117:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
data/mbedtls-2.16.5/library/pkwrite.c:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, buf, len );
data/mbedtls-2.16.5/library/pkwrite.c:164:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_ECP_MAX_BYTES];
data/mbedtls-2.16.5/library/pkwrite.c:502:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[PUB_DER_MAX_BYTES];
data/mbedtls-2.16.5/library/pkwrite.c:527:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[PRV_DER_MAX_BYTES];
data/mbedtls-2.16.5/library/platform.c:250:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
data/mbedtls-2.16.5/library/platform.c:269:18:  [2] (misc) fopen:
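  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage: the path is a compile-time macro, not runtime input, so the
  exposure depends on where that file lives and who can write to its
  directory. Confirm the directory is not writable by other users and, if
  the file holds seed material as the macro name suggests, that it is
  created with owner-only permissions.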
    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
data/mbedtls-2.16.5/library/platform_util.c:128:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( tm_buf, lt, sizeof( struct tm ) );
data/mbedtls-2.16.5/library/poly1305.c:215:44:  [2] (buffer) char:
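  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage: the match is a function parameter. C adjusts an array parameter to
  a pointer, so the [16] is not enforced; what needs checking is that every
  caller passes a buffer of at least 16 bytes.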
                                  unsigned char mac[16] )
data/mbedtls-2.16.5/library/poly1305.c:299:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char key[32] )
data/mbedtls-2.16.5/library/poly1305.c:349:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &ctx->queue[ctx->queue_len],
data/mbedtls-2.16.5/library/poly1305.c:360:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &ctx->queue[ctx->queue_len],
data/mbedtls-2.16.5/library/poly1305.c:387:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ctx->queue, &input[offset], remaining );
data/mbedtls-2.16.5/library/poly1305.c:394:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char mac[16] )
data/mbedtls-2.16.5/library/poly1305.c:420:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_poly1305_mac( const unsigned char key[32],
data/mbedtls-2.16.5/library/poly1305.c:421:42:  [2] (buffer) char:
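  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage: the quoted line declares a pointer, not an array. The arrays in
  this declaration are key[32] (420:42) and mac[16] (423:36), each reported
  as its own hit, so this entry likely duplicates one of them. The hits
  quoting the `*input` line of the mbedtls_ripemd160*, mbedtls_sha1*,
  mbedtls_sha256* and mbedtls_sha512* declarations further down follow the
  same pattern.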
                          const unsigned char *input,
data/mbedtls-2.16.5/library/poly1305.c:423:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char mac[16] )
data/mbedtls-2.16.5/library/poly1305.c:452:23:  [2] (buffer) char:
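  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage: this is a const table with an initialiser (test data, by its
  name); nothing is copied into it, so the remaining question is whether
  every index used to read it stays within [2][32].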
static const unsigned char test_keys[2][32] =
data/mbedtls-2.16.5/library/poly1305.c:468:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_data[2][127] =
data/mbedtls-2.16.5/library/poly1305.c:503:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char test_mac[2][16] =
data/mbedtls-2.16.5/library/poly1305.c:530:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac[16];
data/mbedtls-2.16.5/library/ripemd160.c:123:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char data[64] )
data/mbedtls-2.16.5/library/ripemd160.c:311:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                const unsigned char data[64] )
data/mbedtls-2.16.5/library/ripemd160.c:343:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/mbedtls-2.16.5/library/ripemd160.c:364:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/mbedtls-2.16.5/library/ripemd160.c:379:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ripemd160_padding[64] =
data/mbedtls-2.16.5/library/ripemd160.c:391:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[20] )
data/mbedtls-2.16.5/library/ripemd160.c:396:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[8];
data/mbedtls-2.16.5/library/ripemd160.c:427:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[20] )
data/mbedtls-2.16.5/library/ripemd160.c:438:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_ripemd160_ret( const unsigned char *input,
data/mbedtls-2.16.5/library/ripemd160.c:440:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           unsigned char output[20] )
data/mbedtls-2.16.5/library/ripemd160.c:463:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_ripemd160( const unsigned char *input,
data/mbedtls-2.16.5/library/ripemd160.c:465:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[20] )
data/mbedtls-2.16.5/library/ripemd160.c:477:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ripemd160_test_str[TESTS][81] =
data/mbedtls-2.16.5/library/ripemd160.c:495:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ripemd160_test_md[TESTS][20] =
data/mbedtls-2.16.5/library/ripemd160.c:521:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[20];
data/mbedtls-2.16.5/library/rsa.c:1078:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mask[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/rsa.c:1079:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char counter[4];
data/mbedtls-2.16.5/library/rsa.c:1183:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, input, ilen );
data/mbedtls-2.16.5/library/rsa.c:1275:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, input, ilen );
data/mbedtls-2.16.5/library/rsa.c:1335:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/library/rsa.c:1336:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/rsa.c:1453:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, p, *olen );
data/mbedtls-2.16.5/library/rsa.c:1569:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/library/rsa.c:1707:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, buf + ilen - plaintext_max_size, plaintext_max_size );
data/mbedtls-2.16.5/library/rsa.c:1775:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char salt[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/rsa.c:1837:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, salt, slen );
data/mbedtls-2.16.5/library/rsa.c:1977:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, hash, hashlen );
data/mbedtls-2.16.5/library/rsa.c:2000:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, oid, oid_size );
data/mbedtls-2.16.5/library/rsa.c:2006:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, hash, hashlen );
data/mbedtls-2.16.5/library/rsa.c:2090:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( sig, sig_try, ctx->len );
data/mbedtls-2.16.5/library/rsa.c:2158:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char result[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/rsa.c:2159:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeros[8];
data/mbedtls-2.16.5/library/rsa.c:2164:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/library/rsa.c:2594:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rsa_plaintext[PT_LEN];
data/mbedtls-2.16.5/library/rsa.c:2595:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rsa_decrypted[PT_LEN];
data/mbedtls-2.16.5/library/rsa.c:2596:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rsa_ciphertext[KEY_LEN];
data/mbedtls-2.16.5/library/rsa.c:2598:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/mbedtls-2.16.5/library/rsa.c:2635:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( rsa_plaintext, RSA_PT, PT_LEN );
data/mbedtls-2.16.5/library/sha1.c:131:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   const unsigned char data[64] )
data/mbedtls-2.16.5/library/sha1.c:296:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char data[64] )
data/mbedtls-2.16.5/library/sha1.c:331:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/mbedtls-2.16.5/library/sha1.c:351:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/mbedtls-2.16.5/library/sha1.c:369:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char output[20] )
data/mbedtls-2.16.5/library/sha1.c:428:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char output[20] )
data/mbedtls-2.16.5/library/sha1.c:439:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha1_ret( const unsigned char *input,
data/mbedtls-2.16.5/library/sha1.c:441:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      unsigned char output[20] )
data/mbedtls-2.16.5/library/sha1.c:467:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_sha1( const unsigned char *input,
data/mbedtls-2.16.5/library/sha1.c:469:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                   unsigned char output[20] )
data/mbedtls-2.16.5/library/sha1.c:479:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha1_test_buf[3][57] =
data/mbedtls-2.16.5/library/sha1.c:491:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha1_test_sum[3][20] =
data/mbedtls-2.16.5/library/sha1.c:507:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/library/sha1.c:508:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/mbedtls-2.16.5/library/sha256.c:202:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                const unsigned char data[64] )
data/mbedtls-2.16.5/library/sha256.c:264:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char data[64] )
data/mbedtls-2.16.5/library/sha256.c:299:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/mbedtls-2.16.5/library/sha256.c:319:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/mbedtls-2.16.5/library/sha256.c:337:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[32] )
data/mbedtls-2.16.5/library/sha256.c:401:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[32] )
data/mbedtls-2.16.5/library/sha256.c:412:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha256_ret( const unsigned char *input,
data/mbedtls-2.16.5/library/sha256.c:414:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[32],
data/mbedtls-2.16.5/library/sha256.c:442:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_sha256( const unsigned char *input,
data/mbedtls-2.16.5/library/sha256.c:444:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[32],
data/mbedtls-2.16.5/library/sha256.c:455:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha256_test_buf[3][57] =
data/mbedtls-2.16.5/library/sha256.c:467:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha256_test_sum[6][32] =
data/mbedtls-2.16.5/library/sha256.c:509:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha256sum[32];
data/mbedtls-2.16.5/library/sha512.c:218:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char data[128] )
data/mbedtls-2.16.5/library/sha512.c:295:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char data[128] )
data/mbedtls-2.16.5/library/sha512.c:329:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/mbedtls-2.16.5/library/sha512.c:349:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/mbedtls-2.16.5/library/sha512.c:367:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[64] )
data/mbedtls-2.16.5/library/sha512.c:433:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[64] )
data/mbedtls-2.16.5/library/sha512.c:444:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha512_ret( const unsigned char *input,
data/mbedtls-2.16.5/library/sha512.c:446:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[64],
data/mbedtls-2.16.5/library/sha512.c:474:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_sha512( const unsigned char *input,
data/mbedtls-2.16.5/library/sha512.c:476:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[64],
data/mbedtls-2.16.5/library/sha512.c:488:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha512_test_buf[3][113] =
data/mbedtls-2.16.5/library/sha512.c:501:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha512_test_sum[6][64] =
data/mbedtls-2.16.5/library/sha512.c:561:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha512sum[64];
data/mbedtls-2.16.5/library/ssl_cache.c:95:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( session->master, entry->session.master, 48 );
data/mbedtls-2.16.5/library/ssl_cache.c:242:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &cur->session, session, sizeof( mbedtls_ssl_session ) );
data/mbedtls-2.16.5/library/ssl_cache.c:266:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
data/mbedtls-2.16.5/library/ssl_cli.c:118:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->hostname, hostname_len );
data/mbedtls-2.16.5/library/ssl_cli.c:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
data/mbedtls-2.16.5/library/ssl_cli.c:411:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
data/mbedtls-2.16.5/library/ssl_cli.c:426:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
data/mbedtls-2.16.5/library/ssl_cli.c:608:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->session_negotiate->ticket, tlen );
data/mbedtls-2.16.5/library/ssl_cli.c:658:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p + 1, *cur, *p );
data/mbedtls-2.16.5/library/ssl_cli.c:820:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->handshake->randbytes, 32 );
data/mbedtls-2.16.5/library/ssl_cli.c:895:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( p, ssl->handshake->verify_cookie,
data/mbedtls-2.16.5/library/ssl_cli.c:1468:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->verify_cookie, p, cookie_len );
data/mbedtls-2.16.5/library/ssl_cli.c:1606:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
data/mbedtls-2.16.5/library/ssl_cli.c:1713:9:  [2] (buffer) memcpy:
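  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  [Reviewer note: unlike the constant-length copies in this report, the length
  `n` here is a run-time value, so this hit is worth manual review: confirm in
  ssl_cli.c that `n` is checked against the size of `session_negotiate->id`
  before line 1713. This report does not show whether such a check exists.]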
        memcpy( ssl->session_negotiate->id, buf + 35, n );
data/mbedtls-2.16.5/library/ssl_cli.c:2509:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char hash[64];
data/mbedtls-2.16.5/library/ssl_cli.c:3038:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
data/mbedtls-2.16.5/library/ssl_cli.c:3218:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[48];
data/mbedtls-2.16.5/library/ssl_cli.c:3480:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ticket, msg + 6, ticket_len );
data/mbedtls-2.16.5/library/ssl_cookie.c:108:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[COOKIE_MD_OUTLEN];
data/mbedtls-2.16.5/library/ssl_cookie.c:130:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            const unsigned char time[4],
data/mbedtls-2.16.5/library/ssl_cookie.c:134:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hmac_out[COOKIE_MD_OUTLEN];
data/mbedtls-2.16.5/library/ssl_cookie.c:147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
data/mbedtls-2.16.5/library/ssl_cookie.c:206:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ref_hmac[COOKIE_HMAC_LEN];
data/mbedtls-2.16.5/library/ssl_srv.c:66:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->cli_id, info, ilen );
data/mbedtls-2.16.5/library/ssl_srv.c:563:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &session.id, ssl->session_negotiate->id, session.id_len );
data/mbedtls-2.16.5/library/ssl_srv.c:566:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
data/mbedtls-2.16.5/library/ssl_srv.c:1062:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
data/mbedtls-2.16.5/library/ssl_srv.c:1066:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
data/mbedtls-2.16.5/library/ssl_srv.c:1297:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->cur_out_ctr + 2, ssl->in_ctr + 2, 6 );
data/mbedtls-2.16.5/library/ssl_srv.c:1498:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes, buf + 2, 32 );
data/mbedtls-2.16.5/library/ssl_srv.c:1519:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->session_negotiate->id, buf + 35,
data/mbedtls-2.16.5/library/ssl_srv.c:2182:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
data/mbedtls-2.16.5/library/ssl_srv.c:2184:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
data/mbedtls-2.16.5/library/ssl_srv.c:2332:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
data/mbedtls-2.16.5/library/ssl_srv.c:2473:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
data/mbedtls-2.16.5/library/ssl_srv.c:2545:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
data/mbedtls-2.16.5/library/ssl_srv.c:2815:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( p, crt->subject_raw.p, dn_size );
data/mbedtls-2.16.5/library/ssl_srv.c:3090:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/ssl_srv.c:3556:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ver[2];
data/mbedtls-2.16.5/library/ssl_srv.c:3557:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char fake_pms[48], peer_pms[48];
data/mbedtls-2.16.5/library/ssl_srv.c:4020:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[48];
data/mbedtls-2.16.5/library/ssl_ticket.c:64:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MAX_KEY_BYTES];
data/mbedtls-2.16.5/library/ssl_ticket.c:178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, session, sizeof( mbedtls_ssl_session ) );
data/mbedtls-2.16.5/library/ssl_ticket.c:196:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, session->peer_cert->raw.p, cert_len );
data/mbedtls-2.16.5/library/ssl_ticket.c:221:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( session, p, sizeof( mbedtls_ssl_session ) );
data/mbedtls-2.16.5/library/ssl_ticket.c:320:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( key_name, key->name, 4 );
data/mbedtls-2.16.5/library/ssl_ticket.c:365:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const unsigned char name[4] )
data/mbedtls-2.16.5/library/ssl_tls.c:277:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
data/mbedtls-2.16.5/library/ssl_tls.c:307:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( dst->ticket, src->ticket, src->ticket_len );
data/mbedtls-2.16.5/library/ssl_tls.c:343:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padding[16];
data/mbedtls-2.16.5/library/ssl_tls.c:344:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/mbedtls-2.16.5/library/ssl_tls.c:403:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[128];
data/mbedtls-2.16.5/library/ssl_tls.c:404:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h_i[20];
data/mbedtls-2.16.5/library/ssl_tls.c:419:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + 20, label, nb );
data/mbedtls-2.16.5/library/ssl_tls.c:420:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + 20 + nb, random, rlen );
data/mbedtls-2.16.5/library/ssl_tls.c:501:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[128];
data/mbedtls-2.16.5/library/ssl_tls.c:502:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/ssl_tls.c:518:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + md_len, label, nb );
data/mbedtls-2.16.5/library/ssl_tls.c:519:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + md_len + nb, random, rlen );
data/mbedtls-2.16.5/library/ssl_tls.c:613:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[64];
data/mbedtls-2.16.5/library/ssl_tls.c:614:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char keyblk[256];
data/mbedtls-2.16.5/library/ssl_tls.c:711:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char session_hash[48];
data/mbedtls-2.16.5/library/ssl_tls.c:769:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp, handshake->randbytes, 64 );
data/mbedtls-2.16.5/library/ssl_tls.c:770:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( handshake->randbytes, tmp + 32, 32 );
data/mbedtls-2.16.5/library/ssl_tls.c:771:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( handshake->randbytes + 32, tmp, 32 );
data/mbedtls-2.16.5/library/ssl_tls.c:940:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_enc, key2 + transform->keylen,  iv_copy_len );
data/mbedtls-2.16.5/library/ssl_tls.c:941:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
data/mbedtls-2.16.5/library/ssl_tls.c:960:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_dec, key1 + transform->keylen,  iv_copy_len );
data/mbedtls-2.16.5/library/ssl_tls.c:961:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
data/mbedtls-2.16.5/library/ssl_tls.c:980:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->mac_enc, mac_enc, mac_key_len );
data/mbedtls-2.16.5/library/ssl_tls.c:981:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->mac_dec, mac_dec, mac_key_len );
data/mbedtls-2.16.5/library/ssl_tls.c:1122:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
data/mbedtls-2.16.5/library/ssl_tls.c:1126:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad_1[48];
data/mbedtls-2.16.5/library/ssl_tls.c:1127:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad_2[48];
data/mbedtls-2.16.5/library/ssl_tls.c:1171:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
data/mbedtls-2.16.5/library/ssl_tls.c:1199:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
data/mbedtls-2.16.5/library/ssl_tls.c:1220:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
data/mbedtls-2.16.5/library/ssl_tls.c:1356:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, psk, psk_len );
data/mbedtls-2.16.5/library/ssl_tls.c:1371:37:  [2] (buffer) char:
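  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  [Reviewer note: the line quoted below declares a pointer parameter, not a
  fixed-size array, and the same holds for the hits at 1372:37 and 1373:37.
  The fixed-size parameter that appears to close this signature is
  `out[SSL_MAC_MAX_BYTES]`, which is reported separately at 1374:31.]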
                     const unsigned char *secret,
data/mbedtls-2.16.5/library/ssl_tls.c:1372:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *buf, size_t len,
data/mbedtls-2.16.5/library/ssl_tls.c:1373:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *ctr, int type,
data/mbedtls-2.16.5/library/ssl_tls.c:1374:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char out[SSL_MAC_MAX_BYTES] )
data/mbedtls-2.16.5/library/ssl_tls.c:1376:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[11];
data/mbedtls-2.16.5/library/ssl_tls.c:1377:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padding[48];
data/mbedtls-2.16.5/library/ssl_tls.c:1388:5:  [2] (buffer) memcpy:
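  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  [Reviewer note: this report lists `header` as an 11-byte array at
  ssl_tls.c:1376 and the copy length here is the constant 8, so the
  destination holds the data if both lines belong to one function, as their
  line numbers suggest.]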
    memcpy( header, ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1472:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char mac[SSL_MAC_MAX_BYTES];
data/mbedtls-2.16.5/library/ssl_tls.c:1480:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
data/mbedtls-2.16.5/library/ssl_tls.c:1488:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char mac[MBEDTLS_SSL_MAC_ADD];
data/mbedtls-2.16.5/library/ssl_tls.c:1498:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
data/mbedtls-2.16.5/library/ssl_tls.c:1557:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char add_data[13];
data/mbedtls-2.16.5/library/ssl_tls.c:1558:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char iv[12];
data/mbedtls-2.16.5/library/ssl_tls.c:1567:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( add_data, ssl->out_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1582:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
data/mbedtls-2.16.5/library/ssl_tls.c:1583:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv + transform->fixed_ivlen, ssl->out_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1584:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_iv, ssl->out_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1592:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, transform->iv_enc, transform->fixed_ivlen );
data/mbedtls-2.16.5/library/ssl_tls.c:1683:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
data/mbedtls-2.16.5/library/ssl_tls.c:1722:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->transform_out->iv_enc,
data/mbedtls-2.16.5/library/ssl_tls.c:1731:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char mac[MBEDTLS_SSL_MAC_ADD];
data/mbedtls-2.16.5/library/ssl_tls.c:1741:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char pseudo_hdr[13];
data/mbedtls-2.16.5/library/ssl_tls.c:1745:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  0, ssl->out_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1746:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  8, ssl->out_hdr, 3 );
data/mbedtls-2.16.5/library/ssl_tls.c:1758:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_iv + ssl->out_msglen, mac,
data/mbedtls-2.16.5/library/ssl_tls.c:1848:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char add_data[13];
data/mbedtls-2.16.5/library/ssl_tls.c:1849:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char iv[12];
data/mbedtls-2.16.5/library/ssl_tls.c:1874:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( add_data, ssl->in_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1889:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
data/mbedtls-2.16.5/library/ssl_tls.c:1890:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv + transform->fixed_ivlen, ssl->in_iv, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1898:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, transform->iv_dec, transform->fixed_ivlen );
data/mbedtls-2.16.5/library/ssl_tls.c:1982:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
data/mbedtls-2.16.5/library/ssl_tls.c:1983:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char pseudo_hdr[13];
data/mbedtls-2.16.5/library/ssl_tls.c:1990:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  0, ssl->in_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:1991:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  8, ssl->in_hdr, 3 );
data/mbedtls-2.16.5/library/ssl_tls.c:2066:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->transform_in->iv_dec,
data/mbedtls-2.16.5/library/ssl_tls.c:2173:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
data/mbedtls-2.16.5/library/ssl_tls.c:2402:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( msg_pre, ssl->out_msg, len_pre );
data/mbedtls-2.16.5/library/ssl_tls.c:2449:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( msg_pre, ssl->in_msg, len_pre );
data/mbedtls-2.16.5/library/ssl_tls.c:2842:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
data/mbedtls-2.16.5/library/ssl_tls.c:2891:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp_out_ctr[8];
data/mbedtls-2.16.5/library/ssl_tls.c:2907:5:  [2] (buffer) memcpy:
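  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the destination is the tmp_out_ctr[8] array reported at
  line 2891 and the length is the constant 8, so, assuming both lines belong
  to the same function, this copy fits as written. The hit comes from matching
  the function name memcpy, not from an analysis of the sizes involved.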
    memcpy( tmp_out_ctr,                 ssl->cur_out_ctr,            8 );
data/mbedtls-2.16.5/library/ssl_tls.c:2908:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->cur_out_ctr,            ssl->handshake->alt_out_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:2909:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr,                 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:3002:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg, cur->p, cur->len );
data/mbedtls-2.16.5/library/ssl_tls.c:3042:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg, cur->p, 6 );
data/mbedtls-2.16.5/library/ssl_tls.c:3055:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg + 12, p, cur_hs_frag_len );
data/mbedtls-2.16.5/library/ssl_tls.c:3289:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
data/mbedtls-2.16.5/library/ssl_tls.c:3384:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_ctr, ssl->cur_out_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:3936:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( obuf, in, 25 );
data/mbedtls-2.16.5/library/ssl_tls.c:4477:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->in_msg, hs_buf->data, ssl->in_hslen );
data/mbedtls-2.16.5/library/ssl_tls.c:4663:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( hs_buf->data, ssl->in_msg, 6 );
data/mbedtls-2.16.5/library/ssl_tls.c:4665:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( hs_buf->data + 9, hs_buf->data + 1, 3 );
data/mbedtls-2.16.5/library/ssl_tls.c:4698:17:  [2] (buffer) memcpy:
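  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: unlike the constant-length copies in this file, both the
  destination offset (frag_off) and the length (frag_len) are runtime values,
  so this hit deserves triage before the fixed-size ones. The report does not
  show the preceding checks; confirm in ssl_tls.c that frag_off + frag_len is
  bounded by the size of the buffer behind msg before this call.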
                memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
data/mbedtls-2.16.5/library/ssl_tls.c:4887:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->in_hdr, rec, rec_len );
data/mbedtls-2.16.5/library/ssl_tls.c:4947:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( hs->buffering.future_record.data, ssl->in_hdr, total_buf_sz );
data/mbedtls-2.16.5/library/ssl_tls.c:5409:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
data/mbedtls-2.16.5/library/ssl_tls.c:6071:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[48];
data/mbedtls-2.16.5/library/ssl_tls.c:6072:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md5sum[16];
data/mbedtls-2.16.5/library/ssl_tls.c:6073:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/mbedtls-2.16.5/library/ssl_tls.c:6156:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[36];
data/mbedtls-2.16.5/library/ssl_tls.c:6215:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[32];
data/mbedtls-2.16.5/library/ssl_tls.c:6264:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[48];
data/mbedtls-2.16.5/library/ssl_tls.c:6414:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
data/mbedtls-2.16.5/library/ssl_tls.c:6452:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->handshake->alt_out_ctr, ssl->cur_out_ctr, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:6522:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[SSL_MAX_HASH_LEN];
data/mbedtls-2.16.5/library/ssl_tls.c:6570:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->peer_verify_data, buf, hash_len );
data/mbedtls-2.16.5/library/ssl_tls.c:7377:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( conf->psk, psk, conf->psk_len );
data/mbedtls-2.16.5/library/ssl_tls.c:7378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
data/mbedtls-2.16.5/library/ssl_tls.c:7404:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
data/mbedtls-2.16.5/library/ssl_tls.c:7541:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->hostname, hostname, hostname_len );
data/mbedtls-2.16.5/library/ssl_tls.c:7687:51:  [2] (buffer) char:
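  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged declaration is a function parameter. C adjusts an
  array parameter to a pointer, so the [8] allocates nothing and is not
  enforced by the compiler. What needs checking is that every caller passes at
  least 8 readable bytes, because the memcpy reported at line 7689 reads
  exactly 8 from it. The same applies to the ver[2] hits at lines 9561 and
  9583 and to the xtea.c parameter hits at lines 85, 101 and 144.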
                                   const unsigned char period[8] )
data/mbedtls-2.16.5/library/ssl_tls.c:7689:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( conf->renego_period, period, 8 );
data/mbedtls-2.16.5/library/ssl_tls.c:8543:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, ssl->in_offt, n );
data/mbedtls-2.16.5/library/ssl_tls.c:8625:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_msg, buf, len );
data/mbedtls-2.16.5/library/ssl_tls.c:9561:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char ver[2] )
data/mbedtls-2.16.5/library/ssl_tls.c:9583:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       const unsigned char ver[2] )
data/mbedtls-2.16.5/library/version.c:40:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( string, MBEDTLS_VERSION_STRING,
data/mbedtls-2.16.5/library/version.c:46:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( string, MBEDTLS_VERSION_STRING_FULL,
data/mbedtls-2.16.5/library/x509.c:753:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
data/mbedtls-2.16.5/library/x509_create.c:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
data/mbedtls-2.16.5/library/x509_create.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( cur->val.p + 1, val, val_len );
data/mbedtls-2.16.5/library/x509_create.c:306:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, sig, len );
data/mbedtls-2.16.5/library/x509_crl.c:349:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, buf, buflen );
data/mbedtls-2.16.5/library/x509_crt.c:881:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, buf, crt->raw.len );
data/mbedtls-2.16.5/library/x509_crt.c:1277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_PATH];
data/mbedtls-2.16.5/library/x509_crt.c:1289:5:  [2] (buffer) memcpy:
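  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the destination is the stack array filename[MAX_PATH]
  reported at line 1277 and len is a runtime value, so the copy is safe only
  if len is checked against MAX_PATH first. That check is not visible in this
  report; confirm it in x509_crt.c between lines 1277 and 1289.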
    memcpy( filename, path, len );
data/mbedtls-2.16.5/library/x509_crt.c:1294:13:  [2] (buffer) MultiByteToWideChar:
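  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  Reviewer note: the length this rule refers to is the final argument, the
  capacity of the output buffer (szDir here) counted in wide characters.
  Passing a byte count, such as sizeof applied to a WCHAR array, overstates
  that capacity. The final argument is cut off in the line quoted below, so
  check it in x509_crt.c.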
    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
data/mbedtls-2.16.5/library/x509_crt.c:1339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
data/mbedtls-2.16.5/library/x509_crt.c:1535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key_size_str[BEFORE_COLON];
data/mbedtls-2.16.5/library/x509_crt.c:1807:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/x509_crt.c:1895:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/library/x509_csr.c:116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, buf, buflen );
data/mbedtls-2.16.5/library/x509_csr.c:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key_size_str[BEFORE_COLON];
data/mbedtls-2.16.5/library/x509write_crt.c:148:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[9];
data/mbedtls-2.16.5/library/x509write_crt.c:179:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
data/mbedtls-2.16.5/library/x509write_crt.c:204:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
data/mbedtls-2.16.5/library/x509write_crt.c:247:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4], ku;
data/mbedtls-2.16.5/library/x509write_crt.c:285:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];
data/mbedtls-2.16.5/library/x509write_crt.c:346:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[64];
data/mbedtls-2.16.5/library/x509write_crt.c:347:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[SIGNATURE_MAX_SIZE];
data/mbedtls-2.16.5/library/x509write_crt.c:348:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp_buf[2048];
data/mbedtls-2.16.5/library/x509write_crt.c:483:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( c2, c, len );
data/mbedtls-2.16.5/library/x509write_crt.c:502:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/mbedtls-2.16.5/library/x509write_csr.c:109:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];
data/mbedtls-2.16.5/library/x509write_csr.c:136:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];
data/mbedtls-2.16.5/library/x509write_csr.c:171:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[64];
data/mbedtls-2.16.5/library/x509write_csr.c:172:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[SIGNATURE_MAX_SIZE];
data/mbedtls-2.16.5/library/x509write_csr.c:173:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp_buf[2048];
data/mbedtls-2.16.5/library/x509write_csr.c:263:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( c2, c, len );
data/mbedtls-2.16.5/library/x509write_csr.c:282:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/mbedtls-2.16.5/library/xtea.c:85:68:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
data/mbedtls-2.16.5/library/xtea.c:101:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8], unsigned char output[8])
data/mbedtls-2.16.5/library/xtea.c:101:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8], unsigned char output[8])
data/mbedtls-2.16.5/library/xtea.c:144:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8], const unsigned char *input,
data/mbedtls-2.16.5/library/xtea.c:148:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[8];
data/mbedtls-2.16.5/library/xtea.c:157:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 8 );
data/mbedtls-2.16.5/library/xtea.c:163:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 8 );
data/mbedtls-2.16.5/library/xtea.c:178:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 8 );
data/mbedtls-2.16.5/library/xtea.c:197:23:  [2] (buffer) char:
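  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: this declaration is a static const table with an initializer
  (a self-test vector, going by its name). The rule fires on any fixed-size
  char array declaration, so this hit and the xtea_test_pt and xtea_test_ct
  hits at lines 213 and 223 are low triage priority.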
static const unsigned char xtea_test_key[6][16] =
data/mbedtls-2.16.5/library/xtea.c:213:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char xtea_test_pt[6][8] =
data/mbedtls-2.16.5/library/xtea.c:223:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char xtea_test_ct[6][8] =
data/mbedtls-2.16.5/library/xtea.c:239:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[8];
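data/mbedtls-2.16.5/library/xtea.c:248:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf, xtea_test_pt[i], 8 );
  [Reviewer note, not Flawfinder output: the copy length is the constant 8, and
  this report lists `unsigned char buf[8]` at xtea.c:239 and
  `xtea_test_pt[6][8]` at xtea.c:213, so the destination fits if that `buf` is
  the one used here. The hit comes from matching the function name; what is
  left to confirm in the source is that `i` stays below 6.]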
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:96:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char IV[16];
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:97:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[16];
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:98:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[512];
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:99:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[32];
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:100:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[1024];
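data/mbedtls-2.16.5/programs/aes/aescrypt2.c:140:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mode = atoi( argv[1] );
  [Reviewer note, not Flawfinder output: `atoi` returns 0 for non-numeric
  input and cannot report an out-of-range value. `strtol` with an end-pointer
  and `errno` check, followed by an explicit comparison against the accepted
  mode values, turns a bad argument into an error. How `mode` is validated
  after this line is not shown in the report; crypt_and_hash.c:153 has the
  same call.]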
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:158:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:164:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:173:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
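data/mbedtls-2.16.5/programs/aes/aescrypt2.c:199:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( key, argv[4], keylen );
  [Reviewer note, not Flawfinder output: the report lists
  `unsigned char key[512]` at aescrypt2.c:98 and the source here is a
  command-line argument, so this copy is safe only if `keylen` is capped at
  `sizeof( key )` before it runs. The report shows only the flagged line;
  confirm the cap in the source. crypt_and_hash.c:236 has the same shape.]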
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:253:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, digest, 16 );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:278:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:317:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( IV, buffer, 16 );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:369:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, buffer, 16 );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:377:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:401:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( tmp, buffer, 16 );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:409:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( IV, tmp, 16 );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:95:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char IV[16];
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:96:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[512];
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:97:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:98:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[1024];
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:99:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[1024];
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:153:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mode = atoi( argv[1] );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:167:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:173:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:210:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:236:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( key, argv[6], keylen );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:290:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, digest, 16 );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:306:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:439:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, buffer, 16 );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:446:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/mbedtls-2.16.5/programs/hash/generic_sum.c:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/programs/hash/generic_sum.c:91:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
data/mbedtls-2.16.5/programs/hash/generic_sum.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/mbedtls-2.16.5/programs/hash/generic_sum.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
data/mbedtls-2.16.5/programs/hash/generic_sum.c:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
data/mbedtls-2.16.5/programs/hash/generic_sum.c:100:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
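data/mbedtls-2.16.5/programs/hash/generic_sum.c:143:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( buf + i * 2, "%02x", sum[i] );
  [Reviewer note, not Flawfinder output: `%02x` applied to one element of
  `sum` (listed above as an `unsigned char` array) writes two hex digits plus
  a terminator, so each call is bounded. Whether the whole loop stays inside
  `buf` (MBEDTLS_MD_MAX_SIZE * 2 + 1 bytes per the declarations above) depends
  on the loop bound for `i`, which the report does not show; `snprintf` with
  the remaining size would make that bound explicit.]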
data/mbedtls-2.16.5/programs/hash/hello.c:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];
data/mbedtls-2.16.5/programs/pkey/dh_client.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[2048];
data/mbedtls-2.16.5/programs/pkey/dh_client.c:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/dh_client.c:123:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/dh_genprime.c:106:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nbits = atoi( q );
data/mbedtls-2.16.5/programs/pkey/dh_genprime.c:170:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/dh_server.c:85:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[2048];
data/mbedtls-2.16.5/programs/pkey/dh_server.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/dh_server.c:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf2[2];
data/mbedtls-2.16.5/programs/pkey/dh_server.c:129:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/dh_server.c:171:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/dh_server.c:301:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, PLAINTEXT, 16 );
data/mbedtls-2.16.5/programs/pkey/ecdh_curve25519.c:64:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cli_to_srv[32], srv_to_cli[32];
data/mbedtls-2.16.5/programs/pkey/ecdsa.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[300];
data/mbedtls-2.16.5/programs/pkey/ecdsa.c:111:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char message[100];
data/mbedtls-2.16.5/programs/pkey/ecdsa.c:112:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/ecdsa.c:113:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
data/mbedtls-2.16.5/programs/pkey/gen_key.c:68:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( "/dev/random", "rb" );
data/mbedtls-2.16.5/programs/pkey/gen_key.c:158:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[16000];
data/mbedtls-2.16.5/programs/pkey/gen_key.c:179:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "wb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/gen_key.c:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/pkey/gen_key.c:269:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.rsa_keysize = atoi( q );
data/mbedtls-2.16.5/programs/pkey/gen_key.c:286:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.use_dev_random = atoi( q );
data/mbedtls-2.16.5/programs/pkey/key_app.c:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/pkey/key_app.c:161:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:118:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[16000];
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:142:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:160:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[16000];
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:184:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/pkey/pk_decrypt.c:73:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char result[1024];
data/mbedtls-2.16.5/programs/pkey/pk_decrypt.c:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
data/mbedtls-2.16.5/programs/pkey/pk_decrypt.c:119:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[1024];
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:75:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
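data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( input, argv[2], strlen( argv[2] ) );
  [Reviewer note, not Flawfinder output: unlike the constant-length copies in
  this report, the length here is `strlen( argv[2] )`, chosen by whoever
  invokes the program, and the destination is listed as
  `unsigned char input[1024]` at pk_encrypt.c:74. This hit deserves manual
  triage: it is an overflow unless a length check precedes the copy, and the
  report shows only the flagged line. rsa_encrypt.c:139 has the same shape.]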
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:140:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:82:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:83:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[SIGNATURE_MAX_SIZE];
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:150:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/pk_verify.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/pk_verify.c:68:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/programs/pkey/pk_verify.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/mbedtls-2.16.5/programs/pkey/pk_verify.c:98:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char result[1024];
data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c:75:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c:115:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c:155:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[1024];
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:73:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:109:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:139:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( input, argv[1], strlen( argv[1] ) );
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:160:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_genkey.c:118:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_genkey.c:134:19:  [2] (misc) fopen:
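  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
  Triage note (added in review, not Flawfinder output): judging by the name,
  this file receives the generated private key. fopen() creates it with
  permissions decided by the process umask and follows an existing symlink
  in the current working directory. For key material the defensive pattern is
  open() with O_CREAT | O_EXCL | O_NOFOLLOW and mode 0600, then fdopen().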
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:68:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:92:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:163:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:73:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:149:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:86:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:110:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c:71:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c:111:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/random/gen_entropy.c:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/mbedtls-2.16.5/programs/random/gen_entropy.c:69:15:  [2] (misc) fopen:
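  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
  Triage note (added in review, not Flawfinder output): the path is chosen by
  whoever invokes the program, and "wb+" truncates an existing file. That is
  the invoking user's own authority unless the program is run with more
  privilege than its caller (setuid, a service wrapper), which is the case to
  rule out when triaging this hit.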
data/mbedtls-2.16.5/programs/random/gen_random_ctr_drbg.c:65:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/random/gen_random_ctr_drbg.c:75:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/random/gen_random_havege.c:63:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/random/gen_random_havege.c:71:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
data/mbedtls-2.16.5/programs/ssl/dtls_client.c:101:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/dtls_client.c:244:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/mbedtls-2.16.5/programs/ssl/dtls_client.c:335:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:109:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:111:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char client_ip[16] = { 0 };
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:266:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:404:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:91:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:221:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:296:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:535:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MAX_REQUEST_SIZE + 1];
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:538:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char psk[MBEDTLS_PSK_MAX_LEN];
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:542:11:  [2] (buffer) char:
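  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *alpn_list[ALPN_LIST_SIZE];
  Triage note (added in review, not Flawfinder output): the flagged
  declaration is an array of const char * pointers, not a character buffer,
  so the string-overflow wording does not apply directly. The property to
  verify is that the code filling it never stores more than ALPN_LIST_SIZE
  entries, including any terminating NULL entry.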
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:672:21:  [2] (integer) atoi:
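  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int t = atoi( q );
  Triage note (added in review, not Flawfinder output): besides the range
  issue, atoi() cannot report a failed conversion: non-numeric input yields 0,
  and a value that does not fit in int is undefined behaviour in C. strtol()
  with an end-pointer and errno check, followed by an explicit range test for
  the option, covers both. The same applies to the other atoi hits listed for
  this file.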
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:682:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:688:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.nbio = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:694:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.event = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:699:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.read_timeout = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:702:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.max_resend = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:710:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.request_size = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:730:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.ec_max_ops = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:744:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiation = (atoi( q )) ?
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:750:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:766:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiate = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:772:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.exchanges = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:778:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.reconnect = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:784:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.reco_delay = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:790:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.reconnect_hard = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:796:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.tickets = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:806:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:815:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:830:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:869:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:878:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:948:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:960:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_min = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:961:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_max = atoi( p );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:967:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.dtls_mtu = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:973:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.dgram_packing = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:982:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.recsplit = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:988:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.dhmlen = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1234:51:  [2] (buffer) char:
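  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  (const unsigned char *) mbedtls_test_cas[i],
  Triage note (added in review, not Flawfinder output): the matched text is a
  pointer cast applied to an array element, not a declaration of a fixed-size
  array, so this looks like a pattern-match false positive. The same holds
  for the next hit at ssl_client2.c:1244. What remains worth checking is that
  the index i stays within the bounds of the indexed array.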
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1244:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         (const unsigned char *) mbedtls_test_cas_der[i],
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1665:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:2118:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_fork_server.c:106:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:180:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:212:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:251:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[128];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char code[4];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:297:24:  [2] (integer) atoi:
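  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                return atoi( code );
  Triage note (added in review, not Flawfinder output): code is presumably
  the 4-byte array reported at ssl_mail_client.c:252. atoi() reads up to the
  first non-digit, so the buffer must be NUL-terminated within those 4 bytes
  on every path that reaches this return. If code is filled from data
  received from the peer (not visible in this report), treat it as untrusted
  and confirm that the characters copied in are digits.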
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:309:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[128];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char code[4];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:347:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                return atoi( code );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:362:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char base[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:367:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[sizeof( base ) + 2];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:369:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[32];
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:440:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:446:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.authentication = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:452:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.mode = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:705:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        len = sprintf( (char *) buf, "STARTTLS\r\n" );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:725:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        len = sprintf( (char *) buf, "AUTH LOGIN\r\n" );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:806:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    len = sprintf( (char *) buf, "DATA\r\n" );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:826:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    len = sprintf( (char *) buf, "\r\n.\r\n");
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:133:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:265:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &threads[i].data, &base_info, sizeof(base_info) );
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) );
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:333:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alloc_buf[100000];
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:473:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:101:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:240:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:376:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:803:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[MBEDTLS_PSK_MAX_LEN];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:999:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[SSL_ASYNC_INPUT_MAX_SIZE];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1018:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dn[100];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1058:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctx->input, input, input_len );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1213:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char psk[MBEDTLS_PSK_MAX_LEN];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1218:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char client_ip[16] = { 0 };
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1235:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char renego_period[8] = { 0 };
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1266:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *alpn_list[ALPN_LIST_SIZE];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1269:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alloc_buf[MEMORY_HEAP_SIZE];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1412:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int t = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1422:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1428:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.nbio = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1434:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.event = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1439:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.read_timeout = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1442:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.buffer_size = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1448:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.response_size = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1472:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.async_private_delay1 = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1474:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.async_private_delay2 = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1477:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int n = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1512:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiation = (atoi( q )) ?
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1518:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1534:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiate = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1540:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renego_delay = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1555:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.exchanges = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1591:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1600:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1651:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cert_req_ca_list = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1674:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1683:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1696:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1705:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.tickets = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1711:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.ticket_timeout = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1717:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cache_max = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1723:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cache_timeout = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1729:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cookies = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1735:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.anti_replay = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1741:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.badmac_limit = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1750:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_min = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1751:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_max = atoi( p );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1757:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.dtls_mtu = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1763:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.dgram_packing = atoi( q );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1855:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *name[4] = { 0 };
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2034:51:  [2] (buffer) char:
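  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the quoted line below is a cast applied to an indexed element
  (`mbedtls_test_cas[i]`), apparently one argument of a call, not an array
  declaration. This looks like a lexical match on `char ... [` rather than a
  sized buffer, and the same applies to the next finding at 2044:42.
  Flawfinder matches source text and does not parse types, so hits of this
  shape are candidates for dismissal after a look at the surrounding
  statement.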
                                  (const unsigned char *) mbedtls_test_cas[i],
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2044:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         (const unsigned char *) mbedtls_test_cas_der[i],
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2619:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2740:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char vrfy_buf[512];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2789:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2802:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char crt_buf[512];
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2896:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( larger_buf, buf, ori_len );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:3142:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/test/benchmark.c:220:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( output, &rnd, use_len );
data/mbedtls-2.16.5/programs/test/benchmark.c:248:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char buf[BUFSIZE];
data/mbedtls-2.16.5/programs/test/benchmark.c:265:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[200];
data/mbedtls-2.16.5/programs/test/benchmark.c:266:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[TITLE_LEN];
data/mbedtls-2.16.5/programs/test/benchmark.c:269:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alloc_buf[HEAP_SIZE] = { 0 };
data/mbedtls-2.16.5/programs/test/benchmark.c:421:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char output[8];
data/mbedtls-2.16.5/programs/test/benchmark.c:549:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char output[16];
data/mbedtls-2.16.5/programs/test/selftest.c:163:43:  [2] (buffer) char:
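  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the quoted line below is a function signature. In C a
  parameter written `const char ref_buf[10]` is adjusted to `const char *`,
  so no 10-byte buffer is created here and the compiler does not enforce the
  10. What matters for this hit is whether every caller passes at least that
  many readable bytes, which the report does not show.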
static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
data/mbedtls-2.16.5/programs/test/selftest.c:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10] = "xxxxxxxxx";
data/mbedtls-2.16.5/programs/test/selftest.c:167:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char ref[10] = "xxxxxxxxx";
data/mbedtls-2.16.5/programs/test/selftest.c:204:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/mbedtls-2.16.5/programs/test/selftest.c:375:14:  [2] (buffer) char:
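  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the declaration quoted below is 1000000 bytes, indented and
  without `static` on the line shown. If it has automatic storage, stack
  usage on small-stack targets is a separate point to check alongside the
  bounds advice above; the report does not show the enclosing scope or any
  preprocessor guard around it.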
    unsigned char buf[1000000];
data/mbedtls-2.16.5/programs/test/udp_proxy.c:215:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.duplicate = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:221:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.delay = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:227:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.delay_ccs = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:264:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, q, len + 1 );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:270:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.drop = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:277:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.pack = (unsigned) atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:285:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.mtu = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:291:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.bad_ad = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:297:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.protect_hvr = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:303:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.protect_len = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:309:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.seed = atoi( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:383:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[MAX_MSG_SIZE];
data/mbedtls-2.16.5/programs/test/udp_proxy.c:442:5:  [2] (buffer) memcpy:
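  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the destination below is `buf->data + buf->len`, so the
  condition to confirm is that `buf->len + len` stays within the capacity of
  `buf->data`, computed without wrapping. Neither that check nor the
  declaration of `buf->data` is visible in the quoted line.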
    memcpy( buf->data + buf->len, data, len );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:481:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MAX_MSG_SIZE];
data/mbedtls-2.16.5/programs/test/udp_proxy.c:515:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[MAX_MSG_SIZE];
data/mbedtls-2.16.5/programs/test/udp_proxy.c:516:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf, p->buf, p->len );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:574:5:  [2] (buffer) memcpy:
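  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length below is a fixed `sizeof( packet )`; the value to
  bound is the index `prev_len`, which is post-incremented in the same
  expression. Confirm in the source that `prev_len` is checked against the
  number of elements in `prev` before this line is reached.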
    memcpy( &prev[prev_len++], delay, sizeof( packet ) );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:598:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char dropped[2048] = { 0 };
data/mbedtls-2.16.5/programs/test/udp_proxy.c:904:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/mbedtls-2.16.5/programs/test/zeroize.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFFER_LEN];
data/mbedtls-2.16.5/programs/test/zeroize.c:78:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen( argv[1], "r" );
data/mbedtls-2.16.5/programs/util/pem2der.c:130:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/mbedtls-2.16.5/programs/util/pem2der.c:172:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/mbedtls-2.16.5/programs/util/pem2der.c:190:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char der_buffer[4096];
data/mbedtls-2.16.5/programs/util/pem2der.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/util/strerror.c:80:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[200];
data/mbedtls-2.16.5/programs/x509/cert_app.c:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/x509/cert_app.c:155:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/mbedtls-2.16.5/programs/x509/cert_app.c:237:31:  [2] (integer) atoi:
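  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage: atoi() also gives no error indication: non-numeric input yields 0
  and out-of-range input is undefined behaviour. strtol() with an end-pointer
  and errno check, followed by an explicit range check, covers both. The same
  applies to the other atoi findings in this report.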
            opt.debug_level = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_app.c:243:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.permissive = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_app.c:353:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char vrfy_buf[512];
data/mbedtls-2.16.5/programs/x509/cert_req.c:134:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/mbedtls-2.16.5/programs/x509/cert_req.c:143:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/mbedtls-2.16.5/programs/x509/cert_req.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/x509/cert_req.c:212:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_req.c:304:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/x509/cert_req.c:340:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/mbedtls-2.16.5/programs/x509/cert_write.c:193:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/mbedtls-2.16.5/programs/x509/cert_write.c:203:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/mbedtls-2.16.5/programs/x509/cert_write.c:225:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/mbedtls-2.16.5/programs/x509/cert_write.c:226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char issuer_name[256];
data/mbedtls-2.16.5/programs/x509/cert_write.c:230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subject_name[256];
data/mbedtls-2.16.5/programs/x509/cert_write.c:328:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.authority_identifier = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_write.c:338:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.subject_identifier = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_write.c:348:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.basic_constraints = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_write.c:378:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.version = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_write.c:388:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.selfsign = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_write.c:397:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.is_ca = atoi( q );
data/mbedtls-2.16.5/programs/x509/cert_write.c:406:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.max_pathlen = atoi( q );
data/mbedtls-2.16.5/programs/x509/crl_app.c:77:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[100000];
data/mbedtls-2.16.5/programs/x509/req_app.c:77:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[100000];
data/mbedtls-2.16.5/library/bignum.c:473:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen( s );
data/mbedtls-2.16.5/library/bignum.c:681:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen( s );
data/mbedtls-2.16.5/library/bignum.c:719:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    plen = strlen( p );
data/mbedtls-2.16.5/library/bignum.c:720:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen( s );
data/mbedtls-2.16.5/library/ecdsa.c:488:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen( blind_label ) );
data/mbedtls-2.16.5/library/ecjpake.c:206:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t id_len = strlen( id );
data/mbedtls-2.16.5/library/error.c:574:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( buf ) == 0 )
data/mbedtls-2.16.5/library/error.c:586:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen( buf );
data/mbedtls-2.16.5/library/error.c:893:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( buf ) != 0 )
data/mbedtls-2.16.5/library/net_sockets.c:75:9:  [1] (buffer) read:
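  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage: the quoted line is a macro definition mapping read() to recv(), not
  a call site, so there is no buffer to bound here. The (int)( len ) cast is
  the part worth checking: if callers pass a length wider than int, it is
  narrowed before recv() sees it.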
#define read(fd,buf,len)        recv( fd, (char*)( buf ), (int)( len ), 0 )
data/mbedtls-2.16.5/library/net_sockets.c:549:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = (int) read( fd, buf, len );
data/mbedtls-2.16.5/library/pem.c:261:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s1 += strlen( header );
data/mbedtls-2.16.5/library/pem.c:268:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end += strlen( footer );
data/mbedtls-2.16.5/library/pem.c:447:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
data/mbedtls-2.16.5/library/pem.c:447:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
data/mbedtls-2.16.5/library/pem.c:466:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( p, header, strlen( header ) );
data/mbedtls-2.16.5/library/pem.c:467:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen( header );
data/mbedtls-2.16.5/library/pem.c:480:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( p, footer, strlen( footer ) );
data/mbedtls-2.16.5/library/pem.c:481:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen( footer );
data/mbedtls-2.16.5/library/pkparse.c:147:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (const unsigned char *) pwd, strlen( pwd ) );
data/mbedtls-2.16.5/library/ssl_cli.c:71:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hostname_len = strlen( ssl->hostname );
data/mbedtls-2.16.5/library/ssl_cli.c:633:37:  [1] (buffer) strlen:
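  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage: separately from termination, the result is masked with 0xFF and
  cast to unsigned char, so an entry longer than 255 bytes would be counted
  with a truncated length. Confirm that the entries are length-checked where
  the list is configured. The same mask appears at ssl_cli.c:657.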
        alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
data/mbedtls-2.16.5/library/ssl_cli.c:657:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *p = (unsigned char)( strlen( *cur ) & 0xFF );
data/mbedtls-2.16.5/library/ssl_cli.c:1393:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( name_len == strlen( *p ) &&
data/mbedtls-2.16.5/library/ssl_srv.c:649:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ours_len = strlen( *ours );
data/mbedtls-2.16.5/library/ssl_srv.c:2322:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *olen = 7 + strlen( ssl->alpn_chosen );
data/mbedtls-2.16.5/library/ssl_tls.c:411:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
data/mbedtls-2.16.5/library/ssl_tls.c:418:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nb = strlen( label );
data/mbedtls-2.16.5/library/ssl_tls.c:514:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( sizeof( tmp ) < md_len + strlen( label ) + rlen )
data/mbedtls-2.16.5/library/ssl_tls.c:517:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nb = strlen( label );
data/mbedtls-2.16.5/library/ssl_tls.c:7514:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        hostname_len = strlen( hostname );
data/mbedtls-2.16.5/library/ssl_tls.c:7525:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
data/mbedtls-2.16.5/library/ssl_tls.c:7575:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cur_len = strlen( *p );
data/mbedtls-2.16.5/library/ssl_tls.c:8982:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_platform_zeroize( ssl->hostname, strlen( ssl->hostname ) );
data/mbedtls-2.16.5/library/x509_create.c:132:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *end = s + strlen( s );
data/mbedtls-2.16.5/library/x509_create.c:172:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
data/mbedtls-2.16.5/library/x509_crt.c:265:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t cn_idx = 0, cn_len = strlen( cn );
data/mbedtls-2.16.5/library/x509_crt.c:1279:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen( path );
data/mbedtls-2.16.5/library/x509_crt.c:2434:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t cn_len = strlen( cn );
data/mbedtls-2.16.5/library/x509write_crt.c:122:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
data/mbedtls-2.16.5/library/x509write_crt.c:123:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen( not_after )  != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
data/mbedtls-2.16.5/library/x509write_crt.c:127:5:  [1] (buffer) strncpy:
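  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage: the findings for lines 122-123 show both source strings compared
  against MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1. If a mismatch is rejected
  before this call, copying MBEDTLS_X509_RFC5280_UTC_TIME_LEN bytes includes
  the terminator. What remains to confirm is that the destination field is at
  least that large. The same reasoning applies to line 128.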
    strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
data/mbedtls-2.16.5/library/x509write_crt.c:128:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
data/mbedtls-2.16.5/library/x509write_crt.c:431:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       sig_oid, strlen( sig_oid ), 0 ) );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:134:27:  [1] (buffer) getchar:
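  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage: the quoted call discards the value getchar() returns and stores
  nothing, so no buffer is involved at this site; it appears to be a
  wait-for-keypress. The same `fflush( stdout ); getchar();` line accounts for
  the other getchar findings under programs/ in this report.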
        fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:194:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            keylen = strlen( argv[4] );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:250:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
data/mbedtls-2.16.5/programs/aes/aescrypt2.c:457:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:147:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:231:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            keylen = strlen( argv[6] );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:287:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_md_update( &md_ctx, (unsigned char *) p, strlen( p ) );
data/mbedtls-2.16.5/programs/aes/crypt_and_hash.c:554:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_platform_zeroize( argv[i], strlen( argv[i] ) );
data/mbedtls-2.16.5/programs/hash/generic_sum.c:115:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        n = strlen( line );
data/mbedtls-2.16.5/programs/hash/generic_sum.c:203:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/hash/hello.c:70:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/dh_client.c:111:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/dh_client.c:307:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/dh_genprime.c:127:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/dh_genprime.c:197:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/dh_server.c:117:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/dh_server.c:330:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/ecdh_curve25519.c:233:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/ecdsa.c:145:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/ecdsa.c:243:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/gen_key.c:168:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen( (char *) output_buf );
data/mbedtls-2.16.5/programs/pkey/gen_key.c:316:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/gen_key.c:446:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/key_app.c:150:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.password ) && strlen( opt.password_file ) )
data/mbedtls-2.16.5/programs/pkey/key_app.c:150:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.password ) && strlen( opt.password_file ) )
data/mbedtls-2.16.5/programs/pkey/key_app.c:156:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.password_file ) )
data/mbedtls-2.16.5/programs/pkey/key_app.c:174:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            i = (int) strlen( buf );
data/mbedtls-2.16.5/programs/pkey/key_app.c:311:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:130:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen( (char *) output_buf );
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:172:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen( (char *) output_buf );
data/mbedtls-2.16.5/programs/pkey/key_app_writer.c:436:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/mpi_demo.c:112:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/pk_decrypt.c:100:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/pk_decrypt.c:171:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:98:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:114:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( argv[2] ) > 100 )
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:120:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( input, argv[2], strlen( argv[2] ) );
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:128:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( ( ret = mbedtls_pk_encrypt( &pk, input, strlen( argv[2] ),
data/mbedtls-2.16.5/programs/pkey/pk_encrypt.c:176:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:108:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/pk_sign.c:184:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/pk_verify.c:147:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c:104:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen( pers ) );
data/mbedtls-2.16.5/programs/pkey/rsa_decrypt.c:207:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:98:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen( pers ) );
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:133:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( argv[1] ) > 100 )
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:139:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( input, argv[1], strlen( argv[1] ) );
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:149:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen( argv[1] ), input, buf );
data/mbedtls-2.16.5/programs/pkey/rsa_encrypt.c:184:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/rsa_genkey.c:92:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/rsa_genkey.c:186:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/rsa_sign.c:188:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:98:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/pkey/rsa_sign_pss.c:175:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/rsa_verify.c:161:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/pkey/rsa_verify_pss.c:152:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/dtls_client.c:134:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/dtls_client.c:351:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:202:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/dtls_server.c:426:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/mini_client.c:197:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       (const unsigned char *) pers, strlen( pers ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/query_config.c:116:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" )
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:119:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_client1.c:312:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1068:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.psk ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1073:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.psk ) % 2 != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1079:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        psk_len = strlen( opt.psk ) / 2;
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1081:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( j = 0; j < strlen( opt.psk ); j += 2 )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1199:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1222:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_path ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1224:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen( opt.ca_file ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1277:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1302:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file ) )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1500:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen( opt.psk_identity ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1542:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen( opt.ecjpake_pw ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1736:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tail_len = (int) strlen( GET_REQUEST_END );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:1746:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
data/mbedtls-2.16.5/programs/ssl/ssl_client2.c:2139:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/ssl_fork_server.c:135:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_fork_server.c:416:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:494:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:509:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_file ) )
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:539:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file ) )
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:559:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file ) )
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:739:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen( opt.user_name ) );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:759:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen( opt.user_pwd ) );
data/mbedtls-2.16.5/programs/ssl/ssl_mail_client.c:853:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:410:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_pthread_server.c:524:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:189:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server.c:397:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:734:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( name_len == strlen( cur->name ) &&
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:778:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *olen = strlen( input );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:874:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( name_len == strlen( cur->name ) &&
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:1999:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2022:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_path ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2024:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen( opt.ca_file ) )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2071:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2081:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2096:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2106:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2537:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2537:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2541:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen( opt.psk_identity ) );
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:2683:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen( opt.ecjpake_pw ) ) ) != 0 )
data/mbedtls-2.16.5/programs/ssl/ssl_server2.c:3213:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/test/benchmark.c:1000:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/test/selftest.c:496:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/test/udp_proxy.c:257:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen( q );
data/mbedtls-2.16.5/programs/test/udp_proxy.c:923:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/test/zeroize.c:85:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while( ( c = fgetc( fp ) ) != EOF && p < end - 1 )
data/mbedtls-2.16.5/programs/util/pem2der.c:290:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/util/strerror.c:87:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/wince_main.c:37:15:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = _tcslen( targv[i] ) + 1;
data/mbedtls-2.16.5/programs/x509/cert_app.c:257:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_path ) )
data/mbedtls-2.16.5/programs/x509/cert_app.c:267:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen( opt.ca_file ) )
data/mbedtls-2.16.5/programs/x509/cert_app.c:281:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crl_file ) )
data/mbedtls-2.16.5/programs/x509/cert_app.c:378:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/x509/cert_app.c:493:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/x509/cert_req.c:141:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen( (char *) output_buf );
data/mbedtls-2.16.5/programs/x509/cert_req.c:368:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/x509/cert_req.c:444:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/x509/cert_write.c:201:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen( (char *) output_buf );
data/mbedtls-2.16.5/programs/x509/cert_write.c:487:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/mbedtls-2.16.5/programs/x509/cert_write.c:514:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !opt.selfsign && strlen( opt.issuer_crt ) )
data/mbedtls-2.16.5/programs/x509/cert_write.c:548:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !opt.selfsign && strlen( opt.request_file ) )
data/mbedtls-2.16.5/programs/x509/cert_write.c:584:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !opt.selfsign && !strlen( opt.request_file ) )
data/mbedtls-2.16.5/programs/x509/cert_write.c:617:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.issuer_crt ) )
data/mbedtls-2.16.5/programs/x509/cert_write.c:811:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/x509/crl_app.c:147:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/mbedtls-2.16.5/programs/x509/req_app.c:147:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();

ANALYSIS SUMMARY:

Hits = 1697
Lines analyzed = 137181 in approximately 3.66 seconds (37512 lines/second)
Physical Source Lines of Code (SLOC) = 85908
Hits@level = [0]  69 [1] 175 [2] 1366 [3]  11 [4] 145 [5]   0
Hits@level+ = [0+] 1766 [1+] 1697 [2+] 1522 [3+] 156 [4+] 145 [5+]   0
Hits/KSLOC@level+ = [0+] 20.5569 [1+] 19.7537 [2+] 17.7166 [3+] 1.8159 [4+] 1.68785 [5+]   0
Dot directories skipped = 3 (--followdotdir overrides)
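Minimum risk level = 1
(Hits = 1697 is the [1+] total; the 69 level-[0] hits are counted only in the
[0] and [0+] columns and are left out of the listing.)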
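Not every hit is necessarily a security vulnerability.
For example, the level-[1] `fflush( stdout ); getchar();` hits discard the
character read and store nothing in a buffer, and strlen on an argv[] element
is given a string the C runtime always \0-terminates. Hits that warrant a
closer look are the ones where length and buffer size must be checked
together, such as the strncpy at ssl_client2.c:1746 (confirm that len is
below sizeof( buf ) and that buf stays \0-terminated if the copy is truncated)
and the strlen( argv[...] ) > 100 checks that precede the memcpy into input in
pk_encrypt.c and rsa_encrypt.c (confirm input holds at least 100 bytes).
There may be other security vulnerabilities; review your code!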
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.