Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/neard-0.16/se/se.c Examining data/neard-0.16/se/apdu.c Examining data/neard-0.16/se/seel.h Examining data/neard-0.16/se/channel.c Examining data/neard-0.16/se/main.c Examining data/neard-0.16/se/plugins/nfc.c Examining data/neard-0.16/se/manager.h Examining data/neard-0.16/se/driver.c Examining data/neard-0.16/se/ace.c Examining data/neard-0.16/se/manager.c Examining data/neard-0.16/se/driver.h Examining data/neard-0.16/src/bluetooth.c Examining data/neard-0.16/src/dbus.c Examining data/neard-0.16/src/netlink.c Examining data/neard-0.16/src/ndef.c Examining data/neard-0.16/src/snep.c Examining data/neard-0.16/src/agent.c Examining data/neard-0.16/src/plugin.c Examining data/neard-0.16/src/adapter.c Examining data/neard-0.16/src/device.c Examining data/neard-0.16/src/near.h Examining data/neard-0.16/src/main.c Examining data/neard-0.16/src/tag.c Examining data/neard-0.16/src/tlv.c Examining data/neard-0.16/src/manager.c Examining data/neard-0.16/src/error.c Examining data/neard-0.16/src/log.c Examining data/neard-0.16/gdbus/polkit.c Examining data/neard-0.16/gdbus/gdbus.h Examining data/neard-0.16/gdbus/object.c Examining data/neard-0.16/gdbus/mainloop.c Examining data/neard-0.16/gdbus/watch.c Examining data/neard-0.16/gdbus/client.c Examining data/neard-0.16/plugins/npp.c Examining data/neard-0.16/plugins/handover.c Examining data/neard-0.16/plugins/snep-validation.c Examining data/neard-0.16/plugins/snep.c Examining data/neard-0.16/plugins/nfctype1.c Examining data/neard-0.16/plugins/llcp-validation.c Examining data/neard-0.16/plugins/p2p.c Examining data/neard-0.16/plugins/p2p.h Examining data/neard-0.16/plugins/nfctype4.c Examining data/neard-0.16/plugins/mifare.c Examining data/neard-0.16/plugins/nfctype3.c Examining data/neard-0.16/plugins/phdc.c Examining data/neard-0.16/plugins/nfctype2.c Examining data/neard-0.16/plugins/nfctype5.c Examining data/neard-0.16/tools/nfctool/sniffer.c Examining data/neard-0.16/tools/nfctool/sniffer.h Examining data/neard-0.16/tools/nfctool/nfctool.h Examining data/neard-0.16/tools/nfctool/netlink.c Examining data/neard-0.16/tools/nfctool/llcp-decode.c Examining data/neard-0.16/tools/nfctool/snep-decode.h Examining data/neard-0.16/tools/nfctool/adapter.h Examining data/neard-0.16/tools/nfctool/display.c Examining data/neard-0.16/tools/nfctool/llcp-decode.h Examining data/neard-0.16/tools/nfctool/ndef-decode.h Examining data/neard-0.16/tools/nfctool/netlink.h Examining data/neard-0.16/tools/nfctool/adapter.c Examining data/neard-0.16/tools/nfctool/ndef-decode.c Examining data/neard-0.16/tools/nfctool/main.c Examining data/neard-0.16/tools/nfctool/snep-decode.c Examining data/neard-0.16/tools/nfctool/display.h Examining data/neard-0.16/tools/snep-send.c Examining data/neard-0.16/tools/nciattach.c Examining data/neard-0.16/include/dbus.h Examining data/neard-0.16/include/log.h Examining data/neard-0.16/include/plugin.h Examining data/neard-0.16/include/adapter.h Examining data/neard-0.16/include/setting.h Examining data/neard-0.16/include/nfc_copy.h Examining data/neard-0.16/include/tlv.h Examining data/neard-0.16/include/device.h Examining data/neard-0.16/include/tag.h Examining data/neard-0.16/include/snep.h Examining data/neard-0.16/include/types.h Examining data/neard-0.16/include/ndef.h Examining data/neard-0.16/unit/test-snep-read.c Examining data/neard-0.16/unit/test-ndef-build.c Examining data/neard-0.16/unit/test-utils.c Examining data/neard-0.16/unit/test-ndef-parse.c Examining data/neard-0.16/unit/test-utils.h FINAL RESULTS: data/neard-0.16/gdbus/gdbus.h:239:28: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 4, 5))); data/neard-0.16/gdbus/gdbus.h:246:28: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 3, 4))); data/neard-0.16/gdbus/gdbus.h:259:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 4, 5))); data/neard-0.16/gdbus/object.c:1416:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(str, sizeof(str), format, args); data/neard-0.16/include/log.h:23:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 2))); data/neard-0.16/include/log.h:25:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 2))); data/neard-0.16/include/log.h:27:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 2))); data/neard-0.16/include/log.h:29:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 2))); data/neard-0.16/plugins/p2p.c:78:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.service_name, driver->service_name); data/neard-0.16/plugins/p2p.c:319:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.service_name, driver->service_name); data/neard-0.16/plugins/p2p.c:550:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(addr.service_name, driver->service_name); data/neard-0.16/tools/nciattach.c:269:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dev, opt); data/neard-0.16/tools/nciattach.c:274:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(driver, argv[optind]); data/neard-0.16/tools/nfctool/nfctool.h:46:31: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define print_error(fmt, ...) fprintf(stderr, fmt"\n", ## __VA_ARGS__) data/neard-0.16/tools/nfctool/sniffer.c:206:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(line, fmt, offset); data/neard-0.16/src/bluetooth.c:858:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. char random[OOB_SP_SIZE]; data/neard-0.16/src/bluetooth.c:896:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. hash, random) == OOB_SP_SIZE) { data/neard-0.16/src/bluetooth.c:907:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. memcpy(data->data + offset, random, OOB_SP_SIZE); data/neard-0.16/src/ndef.c:2300:29: [3] (random) g_random_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. collision = GUINT16_TO_BE(g_random_int_range(0, G_MAXUINT16 + 1)); data/neard-0.16/tools/nciattach.c:237:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt=getopt(argc, argv, "np")) != EOF) { data/neard-0.16/gdbus/client.c:677:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_as_str[2]; data/neard-0.16/gdbus/client.c:742:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char array_sig[3]; data/neard-0.16/gdbus/client.c:743:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_sig[2]; data/neard-0.16/gdbus/object.c:1413:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[1024]; data/neard-0.16/gdbus/watch.c:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rule[DBUS_MAXIMUM_MATCH_RULE_LENGTH]; data/neard-0.16/gdbus/watch.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rule[DBUS_MAXIMUM_MATCH_RULE_LENGTH]; data/neard-0.16/include/nfc_copy.h:261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service_name[NFC_LLCP_MAX_SERVICE_NAME]; /* Service name URI */; data/neard-0.16/plugins/llcp-validation.c:155:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(i_sdu->data, clt->miu_buffer, len); data/neard-0.16/plugins/mifare.c:264:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cmd.key, key_ref, MAD_KEY_LEN); data/neard-0.16/plugins/mifare.c:267:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cmd.nfcid, cookie->nfcid1, cookie->nfcid1_len); data/neard-0.16/plugins/mifare.c:369:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mf_ck->rs_pmem + mf_ck->rws_completed * DEFAULT_BLOCK_SIZE, data/neard-0.16/plugins/mifare.c:929:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cmd.key, key_ref, MAD_KEY_LEN); data/neard-0.16/plugins/mifare.c:932:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cmd.nfcid, cookie->nfcid1, cookie->nfcid1_len); data/neard-0.16/plugins/mifare.c:958:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.data, mf_ck->ndef->data + data/neard-0.16/plugins/mifare.c:962:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.data, mf_ck->ndef->data + mf_ck->ndef->offset, data/neard-0.16/plugins/nfctype1.c:138:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd->uid, tag->uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:220:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tagdata + t1_tag->data_read, resp + 2, length); data/neard-0.16/plugins/nfctype1.c:334:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tagdata, pndef, length); data/neard-0.16/plugins/nfctype1.c:417:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t1_tag->uid, cookie->uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:450:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tagdata, cc + LEN_CC_BYTES, TAG_T1_DATA_LENGTH(cc)); data/neard-0.16/plugins/nfctype1.c:512:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t1_cmd.uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:514:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:546:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:547:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:617:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.uid, cookie->uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:655:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.uid, cookie->uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:691:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:702:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:801:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t1_cmd.uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:839:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.uid, cookie->uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:893:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->uid, uid, UID_LENGTH); data/neard-0.16/plugins/nfctype1.c:906:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.uid, cookie->uid, UID_LENGTH); data/neard-0.16/plugins/nfctype2.c:156:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nfc_data + current_length, resp + NFC_HEADER_SIZE, length_read); data/neard-0.16/plugins/nfctype2.c:373:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.data, cookie->ndef->data + data/neard-0.16/plugins/nfctype2.c:377:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.data, cookie->ndef->data + cookie->ndef->offset, data/neard-0.16/plugins/nfctype2.c:416:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.data, cookie->ndef->data, BLOCK_SIZE); data/neard-0.16/plugins/nfctype2.c:615:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd.data, (uint8_t *) t2_cc, BLOCK_SIZE); data/neard-0.16/plugins/nfctype3.c:166:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd->data, UID, LEN_ID); /* IDm */ data/neard-0.16/plugins/nfctype3.c:175:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd->data + LEN_ID + 6, data, BLOCK_SIZE); /* data to write */ data/neard-0.16/plugins/nfctype3.c:186:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd->data, UID, LEN_ID); /* IDm */ data/neard-0.16/plugins/nfctype3.c:242:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nfc_data + current_length, resp + OFS_READ_DATA, length_read); data/neard-0.16/plugins/nfctype3.c:357:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t3_tag->IDm, cookie->IDm, LEN_ID); data/neard-0.16/plugins/nfctype3.c:494:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->IDm, resp + OFS_IDM, LEN_ID); data/neard-0.16/plugins/nfctype3.c:636:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(padding, cookie->ndef->data + cookie->ndef->offset, data/neard-0.16/plugins/nfctype3.c:694:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->IDm, idm, len); data/neard-0.16/plugins/nfctype3.c:700:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->attr, attr, len); data/neard-0.16/plugins/nfctype3.c:910:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->mc_block, resp + 14, BLOCK_SIZE); data/neard-0.16/plugins/nfctype3.c:961:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->IDm, idm, len); data/neard-0.16/plugins/nfctype4.c:229:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd->data, cmd_data, cmd_data_length); data/neard-0.16/plugins/nfctype4.c:341:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nfc_data + current_length, resp + NFC_HEADER_SIZE, length_read); data/neard-0.16/plugins/nfctype4.c:839:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(read_cc, &resp[1], length - 2 - NFC_STATUS_BYTE_LEN) ; data/neard-0.16/plugins/nfctype4.c:1006:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_data + 1, ndef_file_offset, ARRAY_SIZE(ndef_file_offset)); data/neard-0.16/plugins/nfctype4.c:1007:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_data + 4, empty_ndef_file_len, data/neard-0.16/plugins/nfctype4.c:1009:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_data + 7, ndef_nlen, ARRAY_SIZE(ndef_nlen)); data/neard-0.16/plugins/nfctype4.c:1055:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndef->file_id, iso_ndef_file_id, ARRAY_SIZE(iso_ndef_file_id)); data/neard-0.16/plugins/nfctype4.c:1057:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndef->access_rights, ndef_file_access_rights, data/neard-0.16/plugins/nfctype4.c:1114:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->offset, cc_file_offset, ARRAY_SIZE(cc_file_offset)); data/neard-0.16/plugins/nfctype4.c:1115:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->max_len, cc_file_max_len, ARRAY_SIZE(cc_file_max_len)); data/neard-0.16/plugins/nfctype4.c:1116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->cc_len, cc_len, ARRAY_SIZE(cc_len)); data/neard-0.16/plugins/nfctype4.c:1118:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->mle, mle_r_apdu, ARRAY_SIZE(mle_r_apdu)); data/neard-0.16/plugins/nfctype4.c:1119:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->mlc, mlc_c_apdu, ARRAY_SIZE(mlc_c_apdu)); data/neard-0.16/plugins/nfctype4.c:1120:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->ndef_tlv, ndef_tlv, ARRAY_SIZE(ndef_tlv)); data/neard-0.16/plugins/nfctype4.c:1172:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->file_id, iso_cc_file_id, ARRAY_SIZE(iso_cc_file_id)); data/neard-0.16/plugins/nfctype4.c:1174:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->access_rights, cc_file_access_rights, data/neard-0.16/plugins/nfctype4.c:1176:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cc->size, cc_file_max_len, ARRAY_SIZE(cc_file_max_len)); data/neard-0.16/plugins/nfctype4.c:1225:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_data, desfire_aid_1, cmd_data_length); data/neard-0.16/plugins/nfctype4.c:1269:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(app->aid, desfire_aid_1, ARRAY_SIZE(desfire_aid_1)); data/neard-0.16/plugins/nfctype4.c:1272:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(app->file_id, desfire_file_id, ARRAY_SIZE(desfire_file_id)); data/neard-0.16/plugins/nfctype4.c:1273:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(app->iso_appname, iso_appname_v2, ARRAY_SIZE(iso_appname_v2)); data/neard-0.16/plugins/nfctype4.c:1322:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_data, desfire_aid, cmd_data_length); data/neard-0.16/plugins/nfctype5.c:335:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cookie->buf[cookie->dst_offset], data/neard-0.16/plugins/nfctype5.c:463:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t5_cmd->data, &cookie->buf[cookie->src_offset], blk_size); data/neard-0.16/plugins/nfctype5.c:522:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t5_cmd->data, buf, blk_size); data/neard-0.16/plugins/nfctype5.c:629:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cookie->buf, t5_resp->data, length - 2); data/neard-0.16/plugins/npp.c:183:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entry->ndef, ndef->data, ndef->length); data/neard-0.16/se/ace.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aid[3 * MAX_AID_LEN + 1]; data/neard-0.16/se/ace.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash[3 * APP_HASH_LEN + 1]; data/neard-0.16/se/ace.c:127:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(aid + (3 * i), "%02X ", rule->aid[i]); data/neard-0.16/se/ace.c:136:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hash + (3 * i), "%02X ", rule->hash[i]); data/neard-0.16/se/ace.c:198:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ace_rule->aid, rule_ptr, do_length); data/neard-0.16/se/ace.c:217:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ace_rule->hash, rule_ptr, do_length); data/neard-0.16/se/ace.c:256:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ace_rule->apdu_rules, rule_ptr, do_length); data/neard-0.16/se/ace.c:444:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ace->rules_payload + ace->current_rules_length, data/neard-0.16/se/ace.c:524:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ace->rules_payload, data/neard-0.16/se/ace.c:568:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ace->rules_tag, apdu + GET_REFRESH_DATA_CMD_LEN data/neard-0.16/se/apdu.c:106:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&iso_apdu->body[1], data, data_length); data/neard-0.16/se/apdu.c:144:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_apdu->apdu, apdu, length); data/neard-0.16/se/apdu.c:159:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + (3 * i), "%02X ", apdu[i]); data/neard-0.16/se/channel.c:208:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(channel->aid, aid, aid_len); data/neard-0.16/src/adapter.c:88:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1024]; data/neard-0.16/src/agent.c:311:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_data->data, oob_data, size); data/neard-0.16/src/agent.c:329:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_data->data, oob_data, size); data/neard-0.16/src/agent.c:342:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_data->data, oob_data, size); data/neard-0.16/src/bluetooth.c:385:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oob->uuids, &value, oob->uuids_len); data/neard-0.16/src/bluetooth.c:622:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oob->bt_name, data, oob->bt_name_len); data/neard-0.16/src/bluetooth.c:640:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oob->spair_hash, data, OOB_SP_SIZE); data/neard-0.16/src/bluetooth.c:648:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oob->spair_randomizer, data/neard-0.16/src/bluetooth.c:743:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oob->authentication, ptr, 4); data/neard-0.16/src/bluetooth.c:746:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oob->authentication, ptr, 16); data/neard-0.16/src/bluetooth.c:754:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oob->bt_name, ptr, oob->bt_name_len); data/neard-0.16/src/bluetooth.c:857:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash[OOB_SP_SIZE]; data/neard-0.16/src/bluetooth.c:858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char random[OOB_SP_SIZE]; data/neard-0.16/src/bluetooth.c:876:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->data + offset, bt_def_oob_data.bd_addr, BT_ADDRESS_SIZE); data/neard-0.16/src/bluetooth.c:885:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->data + offset, data/neard-0.16/src/bluetooth.c:902:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->data + offset, hash, OOB_SP_SIZE); data/neard-0.16/src/bluetooth.c:907:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->data + offset, random, OOB_SP_SIZE); data/neard-0.16/src/bluetooth.c:931:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->data + offset, bt_def_oob_data.bt_name, name_len); data/neard-0.16/src/device.c:288:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(device->data, data, data_length); data/neard-0.16/src/device.c:357:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(device->nfcid, nfcid, nfcid_len); data/neard-0.16/src/ndef.c:281:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *uri_prefixes[NFC_MAX_URI_ID + 1] = { data/neard-0.16/src/ndef.c:1090:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(type, rec + offset, rec_header->type_len); data/neard-0.16/src/ndef.c:1106:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rec_header->il_field, rec + offset, data/neard-0.16/src/ndef.c:1225:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uri_payload->field, payload + offset, data/neard-0.16/src/ndef.c:1540:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_temp->data, ndef_data + offset, c_temp->size); data/neard-0.16/src/ndef.c:1546:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_temp->data, ndef_data + offset, c_temp->size); data/neard-0.16/src/ndef.c:1551:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_temp->data, ndef_data + offset, c_temp->size); data/neard-0.16/src/ndef.c:1566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mime->payload, ndef_data + offset, mime->payload_len); data/neard-0.16/src/ndef.c:1699:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data + msg->offset, type_name, type_len); data/neard-0.16/src/ndef.c:1704:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data + msg->offset, payload_id, payload_id_len); data/neard-0.16/src/ndef.c:1770:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ac_payload->cdr, payload + offset, ac_payload->cdr_len); data/neard-0.16/src/ndef.c:1786:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ac_payload->adata, payload + offset, data/neard-0.16/src/ndef.c:1819:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ac_msg->data + ac_msg->offset, cdr, cdr_len); /* cdr */ data/neard-0.16/src/ndef.c:1867:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data + msg->offset, data, data_len); data/neard-0.16/src/ndef.c:2041:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ho->data + ho->offset, ac->data, ac->length); data/neard-0.16/src/ndef.c:2064:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ho->data + offset, cfg->data, cfg->length); data/neard-0.16/src/ndef.c:2103:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hs_msg->data + hs_msg->offset, ac_msg->data, ac_msg->length); data/neard-0.16/src/ndef.c:2345:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ho_msg->data + ho_msg->offset, data/neard-0.16/src/ndef.c:2927:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(record->data, record_start, record->data_len); data/neard-0.16/src/ndef.c:3109:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data + msg->offset, language_code, code_len); data/neard-0.16/src/ndef.c:3114:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data + msg->offset, text, text_len); data/neard-0.16/src/ndef.c:3153:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data + msg->offset, field, field_length); data/neard-0.16/src/ndef.c:3187:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data + msg->offset, uri->data, uri->length); data/neard-0.16/src/ndef.c:3409:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv + offset, data, data_len); data/neard-0.16/src/ndef.c:3515:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mime->data + mime->offset, tlv, tlv_len); data/neard-0.16/src/ndef.c:3577:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mime->data + mime->offset, payload, payload_len); data/neard-0.16/src/ndef.c:3631:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mime->data + mime->offset, data/neard-0.16/src/ndef.c:3826:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to->data + to->length, from->data, from->length); data/neard-0.16/src/netlink.c:517:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nfcid, nla_data(attrs[NFC_ATTR_TARGET_NFCID1]), data/neard-0.16/src/netlink.c:530:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iso15693_uid, data/neard-0.16/src/snep.c:374:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragment->data, ndef->data + ndef->offset, data/neard-0.16/src/snep.c:683:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragment->data, (uint8_t *)&header, NEAR_SNEP_REQ_PUT_HEADER_LENGTH); data/neard-0.16/src/snep.c:691:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragment->data + snep_req_header_length, ndef->data, data/neard-0.16/src/snep.c:702:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fragment->data + snep_req_header_length, data/neard-0.16/src/snep.c:761:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndef->data, data, length); data/neard-0.16/src/tag.c:419:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndef_with_header->data + tlv_len_size - 1, ndef->data, data/neard-0.16/src/tag.c:438:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndef_with_header->data, ndef->data, ndef->length); data/neard-0.16/src/tag.c:457:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ndef_with_header->data + 2, ndef->data, ndef->length); data/neard-0.16/src/tag.c:644:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag->nfcid, nfcid, nfcid_len); data/neard-0.16/src/tag.c:647:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag->iso15693_uid, iso15693_uid, iso15693_uid_len); data/neard-0.16/src/tag.c:747:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nfcid, tag->nfcid, tag->nfcid_len); data/neard-0.16/src/tag.c:774:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag->nfcid, nfcid, nfcid_len); data/neard-0.16/src/tag.c:793:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iso15693_dsfid, &tag->iso15693_dsfid, data/neard-0.16/src/tag.c:815:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iso15693_uid, tag->iso15693_uid, NFC_MAX_ISO15693_UID_LEN); data/neard-0.16/src/tag.c:838:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag->data, data, data_length); data/neard-0.16/src/tag.c:1010:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag->t3.IDm, idm, len); data/neard-0.16/src/tag.c:1028:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tag->t3.attr, attr, len); data/neard-0.16/tools/nciattach.c:165:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(dev, O_RDWR | O_NOCTTY); data/neard-0.16/tools/nciattach.c:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev[PATH_MAX]; data/neard-0.16/tools/nciattach.c:232:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char driver[32]; data/neard-0.16/tools/nciattach.c:268:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dev, "/dev/"); data/neard-0.16/tools/nciattach.c:278:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). speed = atoi(argv[optind]); data/neard-0.16/tools/nfctool/llcp-decode.c:247:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_str, "%d.%d", major, minor); data/neard-0.16/tools/nfctool/llcp-decode.c:252:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_str, "%d", miux); data/neard-0.16/tools/nfctool/llcp-decode.c:257:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_str, "0x%02hX", wks); data/neard-0.16/tools/nfctool/llcp-decode.c:261:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_str, "%d", param[2]); data/neard-0.16/tools/nfctool/llcp-decode.c:265:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_str, "%d", param[2] & 0x0F); data/neard-0.16/tools/nfctool/llcp-decode.c:276:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_str, "0x%X", param[2] & 0x03); data/neard-0.16/tools/nfctool/llcp-decode.c:287:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(param_str, "TID:%d, SAP:%d", param[2], param[3] & 0x3F); data/neard-0.16/tools/nfctool/llcp-decode.c:390:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdu + NFC_LLCP_RAW_HEADER_SIZE, data/neard-0.16/tools/nfctool/llcp-decode.c:553:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(time_str, "%c%lu.%06lus", prefix, msg_timestamp.tv_sec, data/neard-0.16/tools/nfctool/ndef-decode.c:274:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&payload_len, record + record_offset, 4); data/neard-0.16/tools/nfctool/snep-decode.c:124:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frag->buffer + frag->received, packet->llcp.data, data/neard-0.16/tools/nfctool/snep-decode.c:175:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frag->buffer, packet->snep.data, packet->snep.real_len); data/neard-0.16/tools/nfctool/snep-decode.c:202:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&acceptable_len, packet->snep.data, 4); data/neard-0.16/tools/nfctool/snep-decode.c:224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data_len, data + 2, 4); data/neard-0.16/tools/nfctool/sniffer.c:101:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pcap_file = fopen(pcap_filename, "w"); data/neard-0.16/tools/nfctool/sniffer.c:216:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hexa, "%02hhX ", data[total]); data/neard-0.16/tools/nfctool/sniffer.c:290:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&msg_timestamp, CMSG_DATA(cmsg), sizeof(struct timeval)); data/neard-0.16/tools/snep-send.c:62:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). adapter_idx = atoi(argv[1]); data/neard-0.16/tools/snep-send.c:63:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). target_idx = atoi(argv[2]); data/neard-0.16/tools/snep-send.c:75:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(addr.service_name, "urn:nfc:sn:snep"); data/neard-0.16/tools/snep-send.c:102:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frame->ndef, ndef->data, ndef->length); data/neard-0.16/unit/test-snep-read.c:122:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nfc_data + offset, fragment->nfc_data, data/neard-0.16/unit/test-snep-read.c:261:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req->ndef, data, payload_len); data/neard-0.16/unit/test-snep-read.c:292:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req->ndef, &acc_len_be, sizeof(acc_len_be)); data/neard-0.16/unit/test-snep-read.c:293:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req->ndef + sizeof(acc_len_be), data, payload_len); data/neard-0.16/unit/test-snep-read.c:320:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resp->info, data, info_len); data/neard-0.16/unit/test-snep-read.c:406:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_recvd + offset, resp, nbytes); data/neard-0.16/unit/test-snep-read.c:761:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_recvd, resp->info, nbytes - NEAR_SNEP_RESP_HEADER_LENGTH); data/neard-0.16/unit/test-snep-read.c:854:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req->ndef, ndef->data, ndef->length); data/neard-0.16/gdbus/object.c:703:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(parent_path)) data/neard-0.16/include/tag.h:69:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(uint32_t adapter_idx, uint32_t target_idx, data/neard-0.16/plugins/p2p.c:77:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addr.service_name_len = strlen(driver->service_name); data/neard-0.16/plugins/p2p.c:176:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return client_data->driver->read(client_data->fd, data/neard-0.16/plugins/p2p.c:318:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addr.service_name_len = strlen(driver->service_name); data/neard-0.16/plugins/p2p.c:549:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addr.service_name_len = strlen(driver->service_name); data/neard-0.16/plugins/p2p.h:40:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool (*read)(int client_fd, uint32_t adapter_idx, uint32_t target_idx, data/neard-0.16/plugins/phdc.c:504:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(sender, mgr->sender, strlen(mgr->sender))) data/neard-0.16/se/channel.c:186:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = g_try_malloc0(strlen(se_path) + 16); data/neard-0.16/se/channel.c:190:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_snprintf(path, strlen(se_path) + 16, "%s/channel%d", se_path, chn); data/neard-0.16/se/main.c:49:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(fd, &si, sizeof(si)); data/neard-0.16/src/bluetooth.c:360:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oob->bt_name_len = strlen(oob->bt_name); data/neard-0.16/src/bluetooth.c:451:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bt_def_oob_data.bt_name_len = strlen(name); data/neard-0.16/src/dbus.c:40:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(ident); i++) { data/neard-0.16/src/dbus.c:61:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(value); data/neard-0.16/src/main.c:114:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(fd, &si, sizeof(si)); data/neard-0.16/src/ndef.c:1629:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). type_len = (type_name) ? strlen(type_name) : 0; data/neard-0.16/src/ndef.c:2760:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rec1->mime->type) != strlen(rec2->mime->type)) data/neard-0.16/src/ndef.c:2760:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rec1->mime->type) != strlen(rec2->mime->type)) data/neard-0.16/src/ndef.c:3094:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). code_len = strlen(language_code); data/neard-0.16/src/ndef.c:3095:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_len = strlen(text); data/neard-0.16/src/ndef.c:3332:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). id_len = strlen(uri_prefix); data/neard-0.16/src/ndef.c:3339:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uri_len = strlen(uri) - id_len; data/neard-0.16/src/ndef.c:3373:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). id_len = strlen(uri_prefix); data/neard-0.16/src/ndef.c:3375:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uri_len = strlen(uri) - id_len; data/neard-0.16/src/ndef.c:3463:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ssid_len = strlen(ssid); data/neard-0.16/src/ndef.c:3466:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pass_len = strlen(passphrase); data/neard-0.16/src/tag.c:1088:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!driver->read) data/neard-0.16/src/tag.c:1118:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return driver->read(tag->adapter_idx, tag->target_idx, data/neard-0.16/tools/nfctool/sniffer.c:222:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(human, "|"); data/neard-0.16/tools/nfctool/sniffer.c:235:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(human, "|"); data/neard-0.16/tools/snep-send.c:74:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addr.service_name_len = strlen("urn:nfc:sn:snep"); data/neard-0.16/unit/test-ndef-parse.c:208:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_assert(record->uri->field_length == strlen("intel.com")); data/neard-0.16/unit/test-ndef-parse.c:281:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_assert(uri->field_length == strlen("intel.com")); data/neard-0.16/unit/test-ndef-parse.c:325:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_assert(uri->field_length == strlen("intel.com")); ANALYSIS SUMMARY: Hits = 245 Lines analyzed = 37938 in approximately 0.72 seconds (52582 lines/second) Physical Source Lines of Code (SLOC) = 26327 Hits@level = [0] 94 [1] 35 [2] 190 [3] 5 [4] 15 [5] 0 Hits@level+ = [0+] 339 [1+] 245 [2+] 210 [3+] 20 [4+] 15 [5+] 0 Hits/KSLOC@level+ = [0+] 12.8765 [1+] 9.30604 [2+] 7.9766 [3+] 0.759676 [4+] 0.569757 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.