Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/neard-0.16/se/se.c
Examining data/neard-0.16/se/apdu.c
Examining data/neard-0.16/se/seel.h
Examining data/neard-0.16/se/channel.c
Examining data/neard-0.16/se/main.c
Examining data/neard-0.16/se/plugins/nfc.c
Examining data/neard-0.16/se/manager.h
Examining data/neard-0.16/se/driver.c
Examining data/neard-0.16/se/ace.c
Examining data/neard-0.16/se/manager.c
Examining data/neard-0.16/se/driver.h
Examining data/neard-0.16/src/bluetooth.c
Examining data/neard-0.16/src/dbus.c
Examining data/neard-0.16/src/netlink.c
Examining data/neard-0.16/src/ndef.c
Examining data/neard-0.16/src/snep.c
Examining data/neard-0.16/src/agent.c
Examining data/neard-0.16/src/plugin.c
Examining data/neard-0.16/src/adapter.c
Examining data/neard-0.16/src/device.c
Examining data/neard-0.16/src/near.h
Examining data/neard-0.16/src/main.c
Examining data/neard-0.16/src/tag.c
Examining data/neard-0.16/src/tlv.c
Examining data/neard-0.16/src/manager.c
Examining data/neard-0.16/src/error.c
Examining data/neard-0.16/src/log.c
Examining data/neard-0.16/gdbus/polkit.c
Examining data/neard-0.16/gdbus/gdbus.h
Examining data/neard-0.16/gdbus/object.c
Examining data/neard-0.16/gdbus/mainloop.c
Examining data/neard-0.16/gdbus/watch.c
Examining data/neard-0.16/gdbus/client.c
Examining data/neard-0.16/plugins/npp.c
Examining data/neard-0.16/plugins/handover.c
Examining data/neard-0.16/plugins/snep-validation.c
Examining data/neard-0.16/plugins/snep.c
Examining data/neard-0.16/plugins/nfctype1.c
Examining data/neard-0.16/plugins/llcp-validation.c
Examining data/neard-0.16/plugins/p2p.c
Examining data/neard-0.16/plugins/p2p.h
Examining data/neard-0.16/plugins/nfctype4.c
Examining data/neard-0.16/plugins/mifare.c
Examining data/neard-0.16/plugins/nfctype3.c
Examining data/neard-0.16/plugins/phdc.c
Examining data/neard-0.16/plugins/nfctype2.c
Examining data/neard-0.16/plugins/nfctype5.c
Examining data/neard-0.16/tools/nfctool/sniffer.c
Examining data/neard-0.16/tools/nfctool/sniffer.h
Examining data/neard-0.16/tools/nfctool/nfctool.h
Examining data/neard-0.16/tools/nfctool/netlink.c
Examining data/neard-0.16/tools/nfctool/llcp-decode.c
Examining data/neard-0.16/tools/nfctool/snep-decode.h
Examining data/neard-0.16/tools/nfctool/adapter.h
Examining data/neard-0.16/tools/nfctool/display.c
Examining data/neard-0.16/tools/nfctool/llcp-decode.h
Examining data/neard-0.16/tools/nfctool/ndef-decode.h
Examining data/neard-0.16/tools/nfctool/netlink.h
Examining data/neard-0.16/tools/nfctool/adapter.c
Examining data/neard-0.16/tools/nfctool/ndef-decode.c
Examining data/neard-0.16/tools/nfctool/main.c
Examining data/neard-0.16/tools/nfctool/snep-decode.c
Examining data/neard-0.16/tools/nfctool/display.h
Examining data/neard-0.16/tools/snep-send.c
Examining data/neard-0.16/tools/nciattach.c
Examining data/neard-0.16/include/dbus.h
Examining data/neard-0.16/include/log.h
Examining data/neard-0.16/include/plugin.h
Examining data/neard-0.16/include/adapter.h
Examining data/neard-0.16/include/setting.h
Examining data/neard-0.16/include/nfc_copy.h
Examining data/neard-0.16/include/tlv.h
Examining data/neard-0.16/include/device.h
Examining data/neard-0.16/include/tag.h
Examining data/neard-0.16/include/snep.h
Examining data/neard-0.16/include/types.h
Examining data/neard-0.16/include/ndef.h
Examining data/neard-0.16/unit/test-snep-read.c
Examining data/neard-0.16/unit/test-ndef-build.c
Examining data/neard-0.16/unit/test-utils.c
Examining data/neard-0.16/unit/test-ndef-parse.c
Examining data/neard-0.16/unit/test-utils.h
FINAL RESULTS:
data/neard-0.16/gdbus/gdbus.h:239:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/neard-0.16/gdbus/gdbus.h:246:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 3, 4)));
data/neard-0.16/gdbus/gdbus.h:259:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)));
data/neard-0.16/gdbus/object.c:1416:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(str, sizeof(str), format, args);
data/neard-0.16/include/log.h:23:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/neard-0.16/include/log.h:25:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/neard-0.16/include/log.h:27:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/neard-0.16/include/log.h:29:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2)));
data/neard-0.16/plugins/p2p.c:78:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.service_name, driver->service_name);
data/neard-0.16/plugins/p2p.c:319:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.service_name, driver->service_name);
data/neard-0.16/plugins/p2p.c:550:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addr.service_name, driver->service_name);
data/neard-0.16/tools/nciattach.c:269:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dev, opt);
data/neard-0.16/tools/nciattach.c:274:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(driver, argv[optind]);
data/neard-0.16/tools/nfctool/nfctool.h:46:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define print_error(fmt, ...) fprintf(stderr, fmt"\n", ## __VA_ARGS__)
data/neard-0.16/tools/nfctool/sniffer.c:206:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(line, fmt, offset);
data/neard-0.16/src/bluetooth.c:858:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
char random[OOB_SP_SIZE];
data/neard-0.16/src/bluetooth.c:896:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
hash, random) == OOB_SP_SIZE) {
data/neard-0.16/src/bluetooth.c:907:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
memcpy(data->data + offset, random, OOB_SP_SIZE);
data/neard-0.16/src/ndef.c:2300:29: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
collision = GUINT16_TO_BE(g_random_int_range(0, G_MAXUINT16 + 1));
data/neard-0.16/tools/nciattach.c:237:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt=getopt(argc, argv, "np")) != EOF) {
data/neard-0.16/gdbus/client.c:677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_as_str[2];
data/neard-0.16/gdbus/client.c:742:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array_sig[3];
data/neard-0.16/gdbus/client.c:743:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_sig[2];
data/neard-0.16/gdbus/object.c:1413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/neard-0.16/gdbus/watch.c:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rule[DBUS_MAXIMUM_MATCH_RULE_LENGTH];
data/neard-0.16/gdbus/watch.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rule[DBUS_MAXIMUM_MATCH_RULE_LENGTH];
data/neard-0.16/include/nfc_copy.h:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service_name[NFC_LLCP_MAX_SERVICE_NAME]; /* Service name URI */;
data/neard-0.16/plugins/llcp-validation.c:155:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i_sdu->data, clt->miu_buffer, len);
data/neard-0.16/plugins/mifare.c:264:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd.key, key_ref, MAD_KEY_LEN);
data/neard-0.16/plugins/mifare.c:267:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd.nfcid, cookie->nfcid1, cookie->nfcid1_len);
data/neard-0.16/plugins/mifare.c:369:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mf_ck->rs_pmem + mf_ck->rws_completed * DEFAULT_BLOCK_SIZE,
data/neard-0.16/plugins/mifare.c:929:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd.key, key_ref, MAD_KEY_LEN);
data/neard-0.16/plugins/mifare.c:932:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd.nfcid, cookie->nfcid1, cookie->nfcid1_len);
data/neard-0.16/plugins/mifare.c:958:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data, mf_ck->ndef->data +
data/neard-0.16/plugins/mifare.c:962:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data, mf_ck->ndef->data + mf_ck->ndef->offset,
data/neard-0.16/plugins/nfctype1.c:138:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->uid, tag->uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:220:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagdata + t1_tag->data_read, resp + 2, length);
data/neard-0.16/plugins/nfctype1.c:334:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagdata, pndef, length);
data/neard-0.16/plugins/nfctype1.c:417:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t1_tag->uid, cookie->uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:450:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagdata, cc + LEN_CC_BYTES, TAG_T1_DATA_LENGTH(cc));
data/neard-0.16/plugins/nfctype1.c:512:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t1_cmd.uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:514:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:546:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:617:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uid, cookie->uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:655:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uid, cookie->uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:691:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:702:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:801:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t1_cmd.uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:839:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uid, cookie->uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:893:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->uid, uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype1.c:906:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.uid, cookie->uid, UID_LENGTH);
data/neard-0.16/plugins/nfctype2.c:156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nfc_data + current_length, resp + NFC_HEADER_SIZE, length_read);
data/neard-0.16/plugins/nfctype2.c:373:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data, cookie->ndef->data +
data/neard-0.16/plugins/nfctype2.c:377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data, cookie->ndef->data + cookie->ndef->offset,
data/neard-0.16/plugins/nfctype2.c:416:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data, cookie->ndef->data, BLOCK_SIZE);
data/neard-0.16/plugins/nfctype2.c:615:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd.data, (uint8_t *) t2_cc, BLOCK_SIZE);
data/neard-0.16/plugins/nfctype3.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, UID, LEN_ID); /* IDm */
data/neard-0.16/plugins/nfctype3.c:175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data + LEN_ID + 6, data, BLOCK_SIZE); /* data to write */
data/neard-0.16/plugins/nfctype3.c:186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, UID, LEN_ID); /* IDm */
data/neard-0.16/plugins/nfctype3.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nfc_data + current_length, resp + OFS_READ_DATA, length_read);
data/neard-0.16/plugins/nfctype3.c:357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t3_tag->IDm, cookie->IDm, LEN_ID);
data/neard-0.16/plugins/nfctype3.c:494:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->IDm, resp + OFS_IDM, LEN_ID);
data/neard-0.16/plugins/nfctype3.c:636:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padding, cookie->ndef->data + cookie->ndef->offset,
data/neard-0.16/plugins/nfctype3.c:694:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->IDm, idm, len);
data/neard-0.16/plugins/nfctype3.c:700:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->attr, attr, len);
data/neard-0.16/plugins/nfctype3.c:910:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->mc_block, resp + 14, BLOCK_SIZE);
data/neard-0.16/plugins/nfctype3.c:961:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->IDm, idm, len);
data/neard-0.16/plugins/nfctype4.c:229:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd->data, cmd_data, cmd_data_length);
data/neard-0.16/plugins/nfctype4.c:341:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nfc_data + current_length, resp + NFC_HEADER_SIZE, length_read);
data/neard-0.16/plugins/nfctype4.c:839:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ;
data/neard-0.16/plugins/nfctype4.c:1006:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_data + 1, ndef_file_offset, ARRAY_SIZE(ndef_file_offset));
data/neard-0.16/plugins/nfctype4.c:1007:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_data + 4, empty_ndef_file_len,
data/neard-0.16/plugins/nfctype4.c:1009:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_data + 7, ndef_nlen, ARRAY_SIZE(ndef_nlen));
data/neard-0.16/plugins/nfctype4.c:1055:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndef->file_id, iso_ndef_file_id, ARRAY_SIZE(iso_ndef_file_id));
data/neard-0.16/plugins/nfctype4.c:1057:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndef->access_rights, ndef_file_access_rights,
data/neard-0.16/plugins/nfctype4.c:1114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->offset, cc_file_offset, ARRAY_SIZE(cc_file_offset));
data/neard-0.16/plugins/nfctype4.c:1115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->max_len, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
data/neard-0.16/plugins/nfctype4.c:1116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->cc_len, cc_len, ARRAY_SIZE(cc_len));
data/neard-0.16/plugins/nfctype4.c:1118:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->mle, mle_r_apdu, ARRAY_SIZE(mle_r_apdu));
data/neard-0.16/plugins/nfctype4.c:1119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->mlc, mlc_c_apdu, ARRAY_SIZE(mlc_c_apdu));
data/neard-0.16/plugins/nfctype4.c:1120:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->ndef_tlv, ndef_tlv, ARRAY_SIZE(ndef_tlv));
data/neard-0.16/plugins/nfctype4.c:1172:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->file_id, iso_cc_file_id, ARRAY_SIZE(iso_cc_file_id));
data/neard-0.16/plugins/nfctype4.c:1174:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->access_rights, cc_file_access_rights,
data/neard-0.16/plugins/nfctype4.c:1176:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cc->size, cc_file_max_len, ARRAY_SIZE(cc_file_max_len));
data/neard-0.16/plugins/nfctype4.c:1225:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_data, desfire_aid_1, cmd_data_length);
data/neard-0.16/plugins/nfctype4.c:1269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app->aid, desfire_aid_1, ARRAY_SIZE(desfire_aid_1));
data/neard-0.16/plugins/nfctype4.c:1272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app->file_id, desfire_file_id, ARRAY_SIZE(desfire_file_id));
data/neard-0.16/plugins/nfctype4.c:1273:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(app->iso_appname, iso_appname_v2, ARRAY_SIZE(iso_appname_v2));
data/neard-0.16/plugins/nfctype4.c:1322:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd_data, desfire_aid, cmd_data_length);
data/neard-0.16/plugins/nfctype5.c:335:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cookie->buf[cookie->dst_offset],
data/neard-0.16/plugins/nfctype5.c:463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t5_cmd->data, &cookie->buf[cookie->src_offset], blk_size);
data/neard-0.16/plugins/nfctype5.c:522:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t5_cmd->data, buf, blk_size);
data/neard-0.16/plugins/nfctype5.c:629:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie->buf, t5_resp->data, length - 2);
data/neard-0.16/plugins/npp.c:183:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->ndef, ndef->data, ndef->length);
data/neard-0.16/se/ace.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aid[3 * MAX_AID_LEN + 1];
data/neard-0.16/se/ace.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[3 * APP_HASH_LEN + 1];
data/neard-0.16/se/ace.c:127:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(aid + (3 * i), "%02X ", rule->aid[i]);
data/neard-0.16/se/ace.c:136:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hash + (3 * i), "%02X ", rule->hash[i]);
data/neard-0.16/se/ace.c:198:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ace_rule->aid, rule_ptr, do_length);
data/neard-0.16/se/ace.c:217:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ace_rule->hash, rule_ptr, do_length);
data/neard-0.16/se/ace.c:256:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ace_rule->apdu_rules, rule_ptr, do_length);
data/neard-0.16/se/ace.c:444:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ace->rules_payload + ace->current_rules_length,
data/neard-0.16/se/ace.c:524:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ace->rules_payload,
data/neard-0.16/se/ace.c:568:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ace->rules_tag, apdu + GET_REFRESH_DATA_CMD_LEN
data/neard-0.16/se/apdu.c:106:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&iso_apdu->body[1], data, data_length);
data/neard-0.16/se/apdu.c:144:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_apdu->apdu, apdu, length);
data/neard-0.16/se/apdu.c:159:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str + (3 * i), "%02X ", apdu[i]);
data/neard-0.16/se/channel.c:208:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(channel->aid, aid, aid_len);
data/neard-0.16/src/adapter.c:88:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/neard-0.16/src/agent.c:311:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c_data->data, oob_data, size);
data/neard-0.16/src/agent.c:329:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c_data->data, oob_data, size);
data/neard-0.16/src/agent.c:342:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c_data->data, oob_data, size);
data/neard-0.16/src/bluetooth.c:385:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob->uuids, &value, oob->uuids_len);
data/neard-0.16/src/bluetooth.c:622:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob->bt_name, data, oob->bt_name_len);
data/neard-0.16/src/bluetooth.c:640:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob->spair_hash, data, OOB_SP_SIZE);
data/neard-0.16/src/bluetooth.c:648:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob->spair_randomizer,
data/neard-0.16/src/bluetooth.c:743:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob->authentication, ptr, 4);
data/neard-0.16/src/bluetooth.c:746:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob->authentication, ptr, 16);
data/neard-0.16/src/bluetooth.c:754:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oob->bt_name, ptr, oob->bt_name_len);
data/neard-0.16/src/bluetooth.c:857:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hash[OOB_SP_SIZE];
data/neard-0.16/src/bluetooth.c:858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char random[OOB_SP_SIZE];
data/neard-0.16/src/bluetooth.c:876:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + offset, bt_def_oob_data.bd_addr, BT_ADDRESS_SIZE);
data/neard-0.16/src/bluetooth.c:885:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + offset,
data/neard-0.16/src/bluetooth.c:902:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + offset, hash, OOB_SP_SIZE);
data/neard-0.16/src/bluetooth.c:907:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + offset, random, OOB_SP_SIZE);
data/neard-0.16/src/bluetooth.c:931:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + offset, bt_def_oob_data.bt_name, name_len);
data/neard-0.16/src/device.c:288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(device->data, data, data_length);
data/neard-0.16/src/device.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(device->nfcid, nfcid, nfcid_len);
data/neard-0.16/src/ndef.c:281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *uri_prefixes[NFC_MAX_URI_ID + 1] = {
data/neard-0.16/src/ndef.c:1090:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(type, rec + offset, rec_header->type_len);
data/neard-0.16/src/ndef.c:1106:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec_header->il_field, rec + offset,
data/neard-0.16/src/ndef.c:1225:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uri_payload->field, payload + offset,
data/neard-0.16/src/ndef.c:1540:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c_temp->data, ndef_data + offset, c_temp->size);
data/neard-0.16/src/ndef.c:1546:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c_temp->data, ndef_data + offset, c_temp->size);
data/neard-0.16/src/ndef.c:1551:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c_temp->data, ndef_data + offset, c_temp->size);
data/neard-0.16/src/ndef.c:1566:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mime->payload, ndef_data + offset, mime->payload_len);
data/neard-0.16/src/ndef.c:1699:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->offset, type_name, type_len);
data/neard-0.16/src/ndef.c:1704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->offset, payload_id, payload_id_len);
data/neard-0.16/src/ndef.c:1770:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ac_payload->cdr, payload + offset, ac_payload->cdr_len);
data/neard-0.16/src/ndef.c:1786:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ac_payload->adata, payload + offset,
data/neard-0.16/src/ndef.c:1819:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ac_msg->data + ac_msg->offset, cdr, cdr_len); /* cdr */
data/neard-0.16/src/ndef.c:1867:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->offset, data, data_len);
data/neard-0.16/src/ndef.c:2041:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ho->data + ho->offset, ac->data, ac->length);
data/neard-0.16/src/ndef.c:2064:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ho->data + offset, cfg->data, cfg->length);
data/neard-0.16/src/ndef.c:2103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hs_msg->data + hs_msg->offset, ac_msg->data, ac_msg->length);
data/neard-0.16/src/ndef.c:2345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ho_msg->data + ho_msg->offset,
data/neard-0.16/src/ndef.c:2927:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(record->data, record_start, record->data_len);
data/neard-0.16/src/ndef.c:3109:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->offset, language_code, code_len);
data/neard-0.16/src/ndef.c:3114:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->offset, text, text_len);
data/neard-0.16/src/ndef.c:3153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->offset, field, field_length);
data/neard-0.16/src/ndef.c:3187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data + msg->offset, uri->data, uri->length);
data/neard-0.16/src/ndef.c:3409:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlv + offset, data, data_len);
data/neard-0.16/src/ndef.c:3515:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mime->data + mime->offset, tlv, tlv_len);
data/neard-0.16/src/ndef.c:3577:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mime->data + mime->offset, payload, payload_len);
data/neard-0.16/src/ndef.c:3631:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mime->data + mime->offset,
data/neard-0.16/src/ndef.c:3826:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to->data + to->length, from->data, from->length);
data/neard-0.16/src/netlink.c:517:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nfcid, nla_data(attrs[NFC_ATTR_TARGET_NFCID1]),
data/neard-0.16/src/netlink.c:530:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iso15693_uid,
data/neard-0.16/src/snep.c:374:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fragment->data, ndef->data + ndef->offset,
data/neard-0.16/src/snep.c:683:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fragment->data, (uint8_t *)&header, NEAR_SNEP_REQ_PUT_HEADER_LENGTH);
data/neard-0.16/src/snep.c:691:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fragment->data + snep_req_header_length, ndef->data,
data/neard-0.16/src/snep.c:702:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fragment->data + snep_req_header_length,
data/neard-0.16/src/snep.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndef->data, data, length);
data/neard-0.16/src/tag.c:419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndef_with_header->data + tlv_len_size - 1, ndef->data,
data/neard-0.16/src/tag.c:438:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndef_with_header->data, ndef->data, ndef->length);
data/neard-0.16/src/tag.c:457:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndef_with_header->data + 2, ndef->data, ndef->length);
data/neard-0.16/src/tag.c:644:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag->nfcid, nfcid, nfcid_len);
data/neard-0.16/src/tag.c:647:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag->iso15693_uid, iso15693_uid, iso15693_uid_len);
data/neard-0.16/src/tag.c:747:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nfcid, tag->nfcid, tag->nfcid_len);
data/neard-0.16/src/tag.c:774:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag->nfcid, nfcid, nfcid_len);
data/neard-0.16/src/tag.c:793:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iso15693_dsfid, &tag->iso15693_dsfid,
data/neard-0.16/src/tag.c:815:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iso15693_uid, tag->iso15693_uid, NFC_MAX_ISO15693_UID_LEN);
data/neard-0.16/src/tag.c:838:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag->data, data, data_length);
data/neard-0.16/src/tag.c:1010:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag->t3.IDm, idm, len);
data/neard-0.16/src/tag.c:1028:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag->t3.attr, attr, len);
data/neard-0.16/tools/nciattach.c:165:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(dev, O_RDWR | O_NOCTTY);
data/neard-0.16/tools/nciattach.c:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[PATH_MAX];
data/neard-0.16/tools/nciattach.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[32];
data/neard-0.16/tools/nciattach.c:268:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dev, "/dev/");
data/neard-0.16/tools/nciattach.c:278:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed = atoi(argv[optind]);
data/neard-0.16/tools/nfctool/llcp-decode.c:247:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "%d.%d", major, minor);
data/neard-0.16/tools/nfctool/llcp-decode.c:252:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "%d", miux);
data/neard-0.16/tools/nfctool/llcp-decode.c:257:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "0x%02hX", wks);
data/neard-0.16/tools/nfctool/llcp-decode.c:261:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "%d", param[2]);
data/neard-0.16/tools/nfctool/llcp-decode.c:265:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "%d", param[2] & 0x0F);
data/neard-0.16/tools/nfctool/llcp-decode.c:276:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "0x%X", param[2] & 0x03);
data/neard-0.16/tools/nfctool/llcp-decode.c:287:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "TID:%d, SAP:%d", param[2], param[3] & 0x3F);
data/neard-0.16/tools/nfctool/llcp-decode.c:390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdu + NFC_LLCP_RAW_HEADER_SIZE,
data/neard-0.16/tools/nfctool/llcp-decode.c:553:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(time_str, "%c%lu.%06lus", prefix, msg_timestamp.tv_sec,
data/neard-0.16/tools/nfctool/ndef-decode.c:274:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&payload_len, record + record_offset, 4);
data/neard-0.16/tools/nfctool/snep-decode.c:124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frag->buffer + frag->received, packet->llcp.data,
data/neard-0.16/tools/nfctool/snep-decode.c:175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frag->buffer, packet->snep.data, packet->snep.real_len);
data/neard-0.16/tools/nfctool/snep-decode.c:202:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&acceptable_len, packet->snep.data, 4);
data/neard-0.16/tools/nfctool/snep-decode.c:224:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data_len, data + 2, 4);
data/neard-0.16/tools/nfctool/sniffer.c:101:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcap_file = fopen(pcap_filename, "w");
data/neard-0.16/tools/nfctool/sniffer.c:216:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hexa, "%02hhX ", data[total]);
data/neard-0.16/tools/nfctool/sniffer.c:290:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msg_timestamp, CMSG_DATA(cmsg), sizeof(struct timeval));
data/neard-0.16/tools/snep-send.c:62:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adapter_idx = atoi(argv[1]);
data/neard-0.16/tools/snep-send.c:63:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
target_idx = atoi(argv[2]);
data/neard-0.16/tools/snep-send.c:75:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(addr.service_name, "urn:nfc:sn:snep");
data/neard-0.16/tools/snep-send.c:102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frame->ndef, ndef->data, ndef->length);
data/neard-0.16/unit/test-snep-read.c:122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nfc_data + offset, fragment->nfc_data,
data/neard-0.16/unit/test-snep-read.c:261:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->ndef, data, payload_len);
data/neard-0.16/unit/test-snep-read.c:292:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->ndef, &acc_len_be, sizeof(acc_len_be));
data/neard-0.16/unit/test-snep-read.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->ndef + sizeof(acc_len_be), data, payload_len);
data/neard-0.16/unit/test-snep-read.c:320:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp->info, data, info_len);
data/neard-0.16/unit/test-snep-read.c:406:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_recvd + offset, resp, nbytes);
data/neard-0.16/unit/test-snep-read.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_recvd, resp->info, nbytes - NEAR_SNEP_RESP_HEADER_LENGTH);
data/neard-0.16/unit/test-snep-read.c:854:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(req->ndef, ndef->data, ndef->length);
data/neard-0.16/gdbus/object.c:703:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(parent_path))
data/neard-0.16/include/tag.h:69:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(uint32_t adapter_idx, uint32_t target_idx,
data/neard-0.16/plugins/p2p.c:77:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr.service_name_len = strlen(driver->service_name);
data/neard-0.16/plugins/p2p.c:176:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return client_data->driver->read(client_data->fd,
data/neard-0.16/plugins/p2p.c:318:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr.service_name_len = strlen(driver->service_name);
data/neard-0.16/plugins/p2p.c:549:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr.service_name_len = strlen(driver->service_name);
data/neard-0.16/plugins/p2p.h:40:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool (*read)(int client_fd, uint32_t adapter_idx, uint32_t target_idx,
data/neard-0.16/plugins/phdc.c:504:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(sender, mgr->sender, strlen(mgr->sender)))
data/neard-0.16/se/channel.c:186:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = g_try_malloc0(strlen(se_path) + 16);
data/neard-0.16/se/channel.c:190:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_snprintf(path, strlen(se_path) + 16, "%s/channel%d", se_path, chn);
data/neard-0.16/se/main.c:49:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/neard-0.16/src/bluetooth.c:360:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
oob->bt_name_len = strlen(oob->bt_name);
data/neard-0.16/src/bluetooth.c:451:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bt_def_oob_data.bt_name_len = strlen(name);
data/neard-0.16/src/dbus.c:40:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(ident); i++) {
data/neard-0.16/src/dbus.c:61:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(value);
data/neard-0.16/src/main.c:114:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = read(fd, &si, sizeof(si));
data/neard-0.16/src/ndef.c:1629:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type_len = (type_name) ? strlen(type_name) : 0;
data/neard-0.16/src/ndef.c:2760:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec1->mime->type) != strlen(rec2->mime->type))
data/neard-0.16/src/ndef.c:2760:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec1->mime->type) != strlen(rec2->mime->type))
data/neard-0.16/src/ndef.c:3094:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
code_len = strlen(language_code);
data/neard-0.16/src/ndef.c:3095:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_len = strlen(text);
data/neard-0.16/src/ndef.c:3332:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id_len = strlen(uri_prefix);
data/neard-0.16/src/ndef.c:3339:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_len = strlen(uri) - id_len;
data/neard-0.16/src/ndef.c:3373:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
id_len = strlen(uri_prefix);
data/neard-0.16/src/ndef.c:3375:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_len = strlen(uri) - id_len;
data/neard-0.16/src/ndef.c:3463:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssid_len = strlen(ssid);
data/neard-0.16/src/ndef.c:3466:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass_len = strlen(passphrase);
data/neard-0.16/src/tag.c:1088:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!driver->read)
data/neard-0.16/src/tag.c:1118:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return driver->read(tag->adapter_idx, tag->target_idx,
data/neard-0.16/tools/nfctool/sniffer.c:222:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(human, "|");
data/neard-0.16/tools/nfctool/sniffer.c:235:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(human, "|");
data/neard-0.16/tools/snep-send.c:74:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr.service_name_len = strlen("urn:nfc:sn:snep");
data/neard-0.16/unit/test-ndef-parse.c:208:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(record->uri->field_length == strlen("intel.com"));
data/neard-0.16/unit/test-ndef-parse.c:281:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(uri->field_length == strlen("intel.com"));
data/neard-0.16/unit/test-ndef-parse.c:325:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(uri->field_length == strlen("intel.com"));
ANALYSIS SUMMARY:
Hits = 245
Lines analyzed = 37938 in approximately 0.72 seconds (52582 lines/second)
Physical Source Lines of Code (SLOC) = 26327
Hits@level = [0] 94 [1] 35 [2] 190 [3] 5 [4] 15 [5] 0
Hits@level+ = [0+] 339 [1+] 245 [2+] 210 [3+] 20 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 12.8765 [1+] 9.30604 [2+] 7.9766 [3+] 0.759676 [4+] 0.569757 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.