Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_account.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_account.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_inbound_group_session.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_jni.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_jni_helper.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_jni_helper.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_manager.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_manager.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_outbound_group_session.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_outbound_group_session.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_pk.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_pk.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_sas.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_sas.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_session.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_session.h Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_utility.cpp Examining data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_utility.h Examining data/olm-3.2.1~dfsg/fuzzers/fuzz_decode_message.cpp Examining data/olm-3.2.1~dfsg/fuzzers/fuzz_decrypt.cpp Examining data/olm-3.2.1~dfsg/fuzzers/fuzz_group_decrypt.cpp Examining data/olm-3.2.1~dfsg/fuzzers/fuzz_unpickle_account.cpp Examining data/olm-3.2.1~dfsg/fuzzers/fuzz_unpickle_session.cpp Examining data/olm-3.2.1~dfsg/include/olm/base64.h Examining data/olm-3.2.1~dfsg/include/olm/cipher.h Examining 
data/olm-3.2.1~dfsg/include/olm/crypto.h Examining data/olm-3.2.1~dfsg/include/olm/error.h Examining data/olm-3.2.1~dfsg/include/olm/inbound_group_session.h Examining data/olm-3.2.1~dfsg/include/olm/megolm.h Examining data/olm-3.2.1~dfsg/include/olm/memory.h Examining data/olm-3.2.1~dfsg/include/olm/message.h Examining data/olm-3.2.1~dfsg/include/olm/olm.h Examining data/olm-3.2.1~dfsg/include/olm/outbound_group_session.h Examining data/olm-3.2.1~dfsg/include/olm/pickle.h Examining data/olm-3.2.1~dfsg/include/olm/pickle_encoding.h Examining data/olm-3.2.1~dfsg/include/olm/pk.h Examining data/olm-3.2.1~dfsg/include/olm/sas.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/arcfour.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/arcfour.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/arcfour_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/blowfish.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/blowfish.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/blowfish_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/des.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/des.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/des_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/md5.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/md5.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/md5_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/rot-13.c Examining 
data/olm-3.2.1~dfsg/lib/crypto-algorithms/rot-13.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/rot-13_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha1.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha1.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha1_test.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha256.c Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha256.h Examining data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha256_test.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna.h Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/contrib/Curve25519Donna.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/contrib/Curve25519Donna.h Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna-c64.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/python-src/curve25519/curve25519module.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/speed-curve25519.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/test-noncanon.c Examining data/olm-3.2.1~dfsg/lib/curve25519-donna/test-sc-curve25519.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/add_scalar.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/ed25519.h Examining data/olm-3.2.1~dfsg/lib/ed25519/src/fe.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/fe.h Examining data/olm-3.2.1~dfsg/lib/ed25519/src/fixedint.h Examining data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/ge.h Examining data/olm-3.2.1~dfsg/lib/ed25519/src/key_exchange.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/keypair.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/precomp_data.h Examining data/olm-3.2.1~dfsg/lib/ed25519/src/sc.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/sc.h Examining data/olm-3.2.1~dfsg/lib/ed25519/src/seed.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/sha512.c Examining 
data/olm-3.2.1~dfsg/lib/ed25519/src/sha512.h Examining data/olm-3.2.1~dfsg/lib/ed25519/src/sign.c Examining data/olm-3.2.1~dfsg/lib/ed25519/src/verify.c Examining data/olm-3.2.1~dfsg/lib/ed25519/test.c Examining data/olm-3.2.1~dfsg/python/dummy/stddef.h Examining data/olm-3.2.1~dfsg/python/dummy/stdint.h Examining data/olm-3.2.1~dfsg/src/account.cpp Examining data/olm-3.2.1~dfsg/src/base64.cpp Examining data/olm-3.2.1~dfsg/src/cipher.cpp Examining data/olm-3.2.1~dfsg/src/crypto.cpp Examining data/olm-3.2.1~dfsg/src/ed25519.c Examining data/olm-3.2.1~dfsg/src/error.c Examining data/olm-3.2.1~dfsg/src/inbound_group_session.c Examining data/olm-3.2.1~dfsg/src/megolm.c Examining data/olm-3.2.1~dfsg/src/memory.cpp Examining data/olm-3.2.1~dfsg/src/message.cpp Examining data/olm-3.2.1~dfsg/src/olm.cpp Examining data/olm-3.2.1~dfsg/src/outbound_group_session.c Examining data/olm-3.2.1~dfsg/src/pickle.cpp Examining data/olm-3.2.1~dfsg/src/pickle_encoding.c Examining data/olm-3.2.1~dfsg/src/pk.cpp Examining data/olm-3.2.1~dfsg/src/ratchet.cpp Examining data/olm-3.2.1~dfsg/src/sas.c Examining data/olm-3.2.1~dfsg/src/session.cpp Examining data/olm-3.2.1~dfsg/src/utility.cpp Examining data/olm-3.2.1~dfsg/tests/test_base64.cpp Examining data/olm-3.2.1~dfsg/tests/test_crypto.cpp Examining data/olm-3.2.1~dfsg/tests/test_group_session.cpp Examining data/olm-3.2.1~dfsg/tests/test_list.cpp Examining data/olm-3.2.1~dfsg/tests/test_megolm.cpp Examining data/olm-3.2.1~dfsg/tests/test_message.cpp Examining data/olm-3.2.1~dfsg/tests/test_olm.cpp Examining data/olm-3.2.1~dfsg/tests/test_olm_decrypt.cpp Examining data/olm-3.2.1~dfsg/tests/test_olm_sha256.cpp Examining data/olm-3.2.1~dfsg/tests/test_olm_signature.cpp Examining data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp Examining data/olm-3.2.1~dfsg/tests/test_pk.cpp Examining data/olm-3.2.1~dfsg/tests/test_ratchet.cpp Examining data/olm-3.2.1~dfsg/tests/test_sas.cpp Examining data/olm-3.2.1~dfsg/tests/test_session.cpp Examining 
data/olm-3.2.1~dfsg/xcode/OLMKit/OLMAccount.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMAccount_Private.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMInboundGroupSession.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMKit.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMMessage.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMOutboundGroupSession.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMPkDecryption.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMPkEncryption.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMPkMessage.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMPkSigning.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMSAS.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMSerializable.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMSession.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMSession_Private.h Examining data/olm-3.2.1~dfsg/xcode/OLMKit/OLMUtility.h FINAL RESULTS: data/olm-3.2.1~dfsg/lib/crypto-algorithms/rot-13_test.c:28:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, text); data/olm-3.2.1~dfsg/include/olm/olm.h:170:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/include/olm/olm.h:254:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/include/olm/olm.h:267:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
void * random, size_t random_length data/olm-3.2.1~dfsg/include/olm/olm.h:297:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/include/olm/olm.h:418:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length, data/olm-3.2.1~dfsg/include/olm/outbound_group_session.h:99:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint8_t *random, size_t random_length data/olm-3.2.1~dfsg/include/olm/pk.h:90:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. const void * random, size_t random_length data/olm-3.2.1~dfsg/include/olm/sas.h:72:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/src/account.cpp:92:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint8_t const * random, std::size_t random_length data/olm-3.2.1~dfsg/src/account.cpp:99:38: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
_olm_crypto_ed25519_generate_key(random, &identity_keys.ed25519_key); data/olm-3.2.1~dfsg/src/account.cpp:101:41: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_crypto_curve25519_generate_key(random, &identity_keys.curve25519_key); data/olm-3.2.1~dfsg/src/account.cpp:282:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::uint8_t const * random, std::size_t random_length data/olm-3.2.1~dfsg/src/account.cpp:292:45: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_crypto_curve25519_generate_key(random, &key.key); data/olm-3.2.1~dfsg/src/account.cpp:303:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::uint8_t const * random, std::size_t random_length data/olm-3.2.1~dfsg/src/account.cpp:312:41: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_crypto_curve25519_generate_key(random, &current_fallback_key.key); data/olm-3.2.1~dfsg/src/olm.cpp:316:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/src/olm.cpp:318:57: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. size_t result = from_c(account)->new_account(from_c(random), random_length); data/olm-3.2.1~dfsg/src/olm.cpp:319:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. olm::unset(random, random_length); data/olm-3.2.1~dfsg/src/olm.cpp:409:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/src/olm.cpp:413:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. from_c(random), random_length data/olm-3.2.1~dfsg/src/olm.cpp:415:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. olm::unset(random, random_length); data/olm-3.2.1~dfsg/src/olm.cpp:429:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/src/olm.cpp:432:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. from_c(random), random_length data/olm-3.2.1~dfsg/src/olm.cpp:434:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
olm::unset(random, random_length); data/olm-3.2.1~dfsg/src/olm.cpp:468:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/src/olm.cpp:489:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. from_c(random), random_length data/olm-3.2.1~dfsg/src/olm.cpp:491:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. olm::unset(random, random_length); data/olm-3.2.1~dfsg/src/olm.cpp:666:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void * random, size_t random_length, data/olm-3.2.1~dfsg/src/olm.cpp:679:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. from_c(random), random_length, data/olm-3.2.1~dfsg/src/olm.cpp:682:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. olm::unset(random, random_length); data/olm-3.2.1~dfsg/src/outbound_group_session.c:156:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
uint8_t *random, size_t random_length data/olm-3.2.1~dfsg/src/outbound_group_session.c:158:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. const uint8_t *random_ptr = random; data/olm-3.2.1~dfsg/src/outbound_group_session.c:172:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_unset(random, random_length); data/olm-3.2.1~dfsg/src/pk.cpp:111:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. const void * random, size_t random_length data/olm-3.2.1~dfsg/src/pk.cpp:130:59: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_crypto_curve25519_generate_key((const uint8_t *) random, &ephemeral_keypair); data/olm-3.2.1~dfsg/src/ratchet.cpp:424:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::uint8_t const * random, std::size_t random_length, data/olm-3.2.1~dfsg/src/ratchet.cpp:440:45: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_crypto_curve25519_generate_key(random, &sender_chain[0].ratchet_key); data/olm-3.2.1~dfsg/src/sas.c:59:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. void * random, size_t random_length data/olm-3.2.1~dfsg/src/sas.c:65:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_crypto_curve25519_generate_key((uint8_t *) random, &sas->curve25519_key); data/olm-3.2.1~dfsg/src/session.cpp:61:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::uint8_t const * random, std::size_t random_length data/olm-3.2.1~dfsg/src/session.cpp:69:41: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _olm_crypto_curve25519_generate_key(random, &base_key); data/olm-3.2.1~dfsg/src/session.cpp:287:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::uint8_t const * random, std::size_t random_length, data/olm-3.2.1~dfsg/src/session.cpp:320:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random, random_length, data/olm-3.2.1~dfsg/tests/test_olm.cpp:42:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
std::vector<std::uint8_t> random(::olm_create_account_random_length(account)); data/olm-3.2.1~dfsg/tests/test_olm.cpp:43:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. mock_random(random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm.cpp:43:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. mock_random(random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm.cpp:44:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ::olm_create_account(account, random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm.cpp:44:46: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ::olm_create_account(account, random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm.cpp:104:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::vector<std::uint8_t> random(::olm_create_account_random_length(account)); data/olm-3.2.1~dfsg/tests/test_olm.cpp:105:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
mock_random(random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm.cpp:105:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. mock_random(random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm.cpp:106:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ::olm_create_account(account, random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm.cpp:106:46: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ::olm_create_account(account, random.data(), random.size()); data/olm-3.2.1~dfsg/tests/test_olm_signature.cpp:52:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. mock_random_a(random, random_size); data/olm-3.2.1~dfsg/tests/test_olm_signature.cpp:53:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ::olm_create_account(account, random, random_size); data/olm-3.2.1~dfsg/tests/test_olm_signature.cpp:54:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ::free(random); data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:88:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. std::uint8_t random[] = "This is a random 32 byte string."; data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:92:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random, 32, data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:135:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::uint8_t random[] = "This is a random 32 byte string."; data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:138:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random, 32, data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:193:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. std::uint8_t random[] = "This is a random 32 byte string"; data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:199:24: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. plaintext, 15, random, 32, msg.data(), msg.size() data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:206:1: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random[31]++; data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:210:24: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. plaintext, 15, random, 32, msg.data(), msg.size() data/olm-3.2.1~dfsg/tests/test_ratchet.cpp:217:1: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random[31]++; data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp:266:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempEncryptedPtr, encryptedMsgPtr, encryptedMsgLength); data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_inbound_group_session.cpp:288:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempEncryptedPtr, encryptedMsgPtr, encryptedMsgLength); data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_jni_helper.cpp:75:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*aBuffer2Ptr, buffer, bufferLen); data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_manager.cpp:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[150]; data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_pk.cpp:662:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tempCiphertextPtr, ciphertextPtr, ciphertextLength); data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_session.cpp:669:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempEncryptedPtr, encryptedMsgPtr, encryptedMsgLength); data/olm-3.2.1~dfsg/android/olm-sdk/src/main/jni/olm_session.cpp:692:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tempEncryptedPtr, encryptedMsgPtr, encryptedMsgLength); data/olm-3.2.1~dfsg/fuzzers/fuzz_decrypt.cpp:19:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). "Error opening session file", open(argv[2], O_RDONLY) data/olm-3.2.1~dfsg/fuzzers/fuzz_decrypt.cpp:22:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int message_type = atoi(argv[3]); data/olm-3.2.1~dfsg/fuzzers/fuzz_decrypt.cpp:36:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_buffer, message_buffer, message_length); data/olm-3.2.1~dfsg/fuzzers/fuzz_group_decrypt.cpp:18:39: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
"Error opening session file", open(argv[2], O_RDONLY) data/olm-3.2.1~dfsg/fuzzers/fuzz_group_decrypt.cpp:33:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp_buffer, message_buffer, message_length); data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:245:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf_out, iv, AES_BLOCK_SIZE); data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:248:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf_in, &in[idx * AES_BLOCK_SIZE], AES_BLOCK_SIZE); data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:251:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&out[idx * AES_BLOCK_SIZE], buf_out, AES_BLOCK_SIZE); data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:267:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf_out, iv, AES_BLOCK_SIZE); data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:270:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf_in, &in[idx * AES_BLOCK_SIZE], AES_BLOCK_SIZE); data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:276:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, buf_out, AES_BLOCK_SIZE); // Only output the last block. 
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:306:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, in_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:308:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(iv_buf, iv, AES_BLOCK_SIZE);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:377:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, payload, payload_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:378:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&out[payload_len], mac, mac_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:381:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp_iv, counter, AES_BLOCK_SIZE);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:417:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(plaintext, ciphertext, *plaintext_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:418:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mac, &ciphertext[*plaintext_len], mac_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:424:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp_iv, counter, AES_BLOCK_SIZE);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:468:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&counter[1], nonce, nonce_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:478:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[1], nonce, nonce_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:491:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[*end_of_buf], assoc, assoc_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/aes.c:502:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf[*end_of_buf], payload, payload_len);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/blowfish.c:245:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(keystruct->p,p_perm,sizeof(WORD) * 18);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/blowfish.c:246:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(keystruct->s,s_perm,sizeof(WORD) * 1024);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2.c:103:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hash, ctx->state, MD2_BLOCK_SIZE);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/rot-13_test.c:24:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/olm-3.2.1~dfsg/lib/curve25519-donna/contrib/Curve25519Donna.c:43:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char o[32] = {0};
data/olm-3.2.1~dfsg/lib/curve25519-donna/contrib/Curve25519Donna.c:90:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pubkey[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/contrib/Curve25519Donna.c:91:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char basepoint[32] = {9};
data/olm-3.2.1~dfsg/lib/curve25519-donna/contrib/Curve25519Donna.c:100:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char shared_secret[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna-c64.c:301:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origx, x, 5 * sizeof(limb));
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna-c64.c:305:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origxprime, xprime, sizeof(limb) * 5);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna-c64.c:310:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origxprime, xxprime, sizeof(limb) * 5);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna-c64.c:360:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nqpqx, q, sizeof(limb) * 5);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna-c64.c:394:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resultx, nqx, sizeof(limb) * 5);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna-c64.c:395:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resultz, nqz, sizeof(limb) * 5);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:336:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, t, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:420:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, t, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:633:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origx, x, 10 * sizeof(limb));
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:639:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origxprime, xprime, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:656:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(origxprime, xxprime, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:670:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x3, xxxprime, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:671:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(z3, zzprime, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:735:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nqpqx, q, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:769:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resultx, nqx, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/curve25519-donna.c:770:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(resultz, nqz, sizeof(limb) * 10);
data/olm-3.2.1~dfsg/lib/curve25519-donna/python-src/curve25519/curve25519module.c:41:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mypublic[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/python-src/curve25519/curve25519module.c:42:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char basepoint[32] = {9};
data/olm-3.2.1~dfsg/lib/curve25519-donna/python-src/curve25519/curve25519module.c:58:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shared_key[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/speed-curve25519.c:26:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char basepoint[32] = {9};
data/olm-3.2.1~dfsg/lib/curve25519-donna/speed-curve25519.c:27:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mysecret[32], mypublic[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c:25:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e1k[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c:26:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e2k[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c:27:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e1e2k[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c:28:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e2e1k[32];
data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c:29:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e1[32] = {3};
data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c:30:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e2[32] = {5};
data/olm-3.2.1~dfsg/lib/curve25519-donna/test-curve25519.c:31:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char k[32] = {9};
data/olm-3.2.1~dfsg/lib/ed25519/src/add_scalar.c:8:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char SC_1[32] = {1}; /* scalar with value 1 */
data/olm-3.2.1~dfsg/lib/ed25519/src/add_scalar.c:10:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char n[32];
data/olm-3.2.1~dfsg/lib/ed25519/src/fe.c:463:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s[32];
data/olm-3.2.1~dfsg/lib/ed25519/src/fe.c:481:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char s[32];
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:68:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char aslide[256];
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:69:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char bslide[256];
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:387:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char e[64];
data/olm-3.2.1~dfsg/lib/ed25519/src/key_exchange.c:5:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char e[32];
data/olm-3.2.1~dfsg/lib/ed25519/src/seed.c:27:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen("/dev/urandom", "rb");
data/olm-3.2.1~dfsg/lib/ed25519/src/sha512.h:12:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[128];
data/olm-3.2.1~dfsg/lib/ed25519/src/sign.c:9:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hram[64];
data/olm-3.2.1~dfsg/lib/ed25519/src/sign.c:10:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char r[64];
data/olm-3.2.1~dfsg/lib/ed25519/src/verify.c:48:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char h[64];
data/olm-3.2.1~dfsg/lib/ed25519/src/verify.c:49:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char checker[32];
data/olm-3.2.1~dfsg/lib/ed25519/test.c:14:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char public_key[32], private_key[64], seed[32], scalar[32];
data/olm-3.2.1~dfsg/lib/ed25519/test.c:15:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char other_public_key[32], other_private_key[64];
data/olm-3.2.1~dfsg/lib/ed25519/test.c:16:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char shared_secret[32], other_shared_secret[32];
data/olm-3.2.1~dfsg/lib/ed25519/test.c:17:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char signature[64];
data/olm-3.2.1~dfsg/src/account.cpp:116:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(pos, value, sizeof(T) - 1);
data/olm-3.2.1~dfsg/src/cipher.cpp:92:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(output + output_length - MAC_LENGTH, mac, MAC_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:62:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(hmac_key, input_key, input_key_length);
data/olm-3.2.1~dfsg/src/crypto.cpp:72:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(i_pad, hmac_key, SHA256_BLOCK_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:88:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(o_pad, hmac_key, SHA256_BLOCK_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:107:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(
data/olm-3.2.1~dfsg/src/crypto.cpp:182:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(input_block, iv->iv, AES_BLOCK_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:186:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(input_block, output, AES_BLOCK_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:214:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(block1, iv->iv, AES_BLOCK_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:216:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(block2, &input[i], AES_BLOCK_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:219:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(block1, block2, AES_BLOCK_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:285:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(output, step_result, SHA256_OUTPUT_LENGTH);
data/olm-3.2.1~dfsg/src/crypto.cpp:295:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(output, step_result, bytes_remaining);
data/olm-3.2.1~dfsg/src/inbound_group_session.c:118:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(
data/olm-3.2.1~dfsg/src/inbound_group_session.c:514:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, megolm_get_data(&megolm), MEGOLM_RATCHET_LENGTH);
data/olm-3.2.1~dfsg/src/inbound_group_session.c:517:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(
data/olm-3.2.1~dfsg/src/megolm.c:55:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(megolm->data, random_data, MEGOLM_RATCHET_LENGTH);
data/olm-3.2.1~dfsg/src/outbound_group_session.c:347:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, megolm_get_data(&session->ratchet), MEGOLM_RATCHET_LENGTH);
data/olm-3.2.1~dfsg/src/outbound_group_session.c:350:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(
data/olm-3.2.1~dfsg/src/pickle.cpp:59:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(pos, bytes, bytes_length);
data/olm-3.2.1~dfsg/src/pickle.cpp:68:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(bytes, pos, bytes_length);
data/olm-3.2.1~dfsg/src/pk.cpp:404:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:207:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:211:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:242:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:245:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:289:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:294:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:306:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_group_session.cpp:314:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msgcopy.data(), message, msglen);
data/olm-3.2.1~dfsg/tests/test_message.cpp:57:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(writer.ratchet_key, ratchetkey, 10);
data/olm-3.2.1~dfsg/tests/test_message.cpp:58:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(writer.ciphertext, ciphertext, 10);
data/olm-3.2.1~dfsg/tests/test_message.cpp:59:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(output + length - 8, hmacsha2, 8);
data/olm-3.2.1~dfsg/tests/test_olm.cpp:207:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1.data(), message_1.data(), message_1.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:215:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1.data(), message_1.data(), message_1.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:223:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1.data(), message_1.data(), message_1.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:231:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1.data(), message_1.data(), message_1.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:235:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1.data(), message_1.data(), message_1.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:259:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_2.data(), message_2.data(), message_2.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:268:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_2.data(), message_2.data(), message_2.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:348:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1.data(), message_1.data(), message_1.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:352:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1.data(), message_1.data(), message_1.size());
data/olm-3.2.1~dfsg/tests/test_olm.cpp:373:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_a.data(), msg_a.data(), sizeof(msg_a));
data/olm-3.2.1~dfsg/tests/test_olm.cpp:391:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(tmp_b.data(), msg_b.data(), msg_b.size());
data/olm-3.2.1~dfsg/tests/test_olm_decrypt.cpp:46:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(pickled.data(), session_data, pickled.size());
data/olm-3.2.1~dfsg/tests/test_olm_signature.cpp:58:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(message, "Hello, World", message_size);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:98:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  ::memcpy(plaintext, "Hello, World", 12);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:115:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1, message_1, message_1_size);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:123:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1, message_1, message_1_size);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:129:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(tmp_message_1, message_1, message_1_size);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:157:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(tmp_a, msg_a, msg_a_size);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:162:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(tmp_a, msg_a, msg_a_size);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:183:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(tmp_b, msg_b, msg_b_size);
data/olm-3.2.1~dfsg/tests/test_olm_using_malloc.cpp:188:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(tmp_b, msg_b, msg_b_size);
data/olm-3.2.1~dfsg/fuzzers/fuzz_decrypt.cpp:10:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ignored = write(STDERR_FILENO, message, strlen(message));
data/olm-3.2.1~dfsg/fuzzers/fuzz_decrypt.cpp:15:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t key_length = strlen(key);
data/olm-3.2.1~dfsg/fuzzers/fuzz_group_decrypt.cpp:9:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ignored = write(STDERR_FILENO, message, strlen(message));
data/olm-3.2.1~dfsg/fuzzers/fuzz_group_decrypt.cpp:14:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t key_length = strlen(key);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/arcfour_test.c:34:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arcfour_key_setup(state, key[idx], strlen(key[idx]));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64_test.c:34:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf_len = base64_encode(text[idx], buf, strlen(text[idx]), 1);
data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64_test.c:35:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pass = pass && ((buf_len == strlen(code[idx])) &&
data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64_test.c:36:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (buf_len == base64_encode(text[idx], NULL, strlen(text[idx]), 1)));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64_test.c:40:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf_len = base64_decode(code[idx], buf, strlen(code[idx]));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64_test.c:41:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pass = pass && ((buf_len == strlen(text[idx])) &&
data/olm-3.2.1~dfsg/lib/crypto-algorithms/base64_test.c:42:62: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (buf_len == base64_decode(code[idx], NULL, strlen(code[idx]))));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2_test.c:35:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md2_update(&ctx, text1, strlen(text1));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2_test.c:41:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md2_update(&ctx, text2, strlen(text2));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2_test.c:47:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md2_update(&ctx, text3_1, strlen(text3_1));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md2_test.c:48:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md2_update(&ctx, text3_2, strlen(text3_2));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md5_test.c:35:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_update(&ctx, text1, strlen(text1));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md5_test.c:41:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_update(&ctx, text2, strlen(text2));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md5_test.c:47:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_update(&ctx, text3_1, strlen(text3_1));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/md5_test.c:48:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md5_update(&ctx, text3_2, strlen(text3_2));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/rot-13.c:21:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (idx = 0, len = strlen(str); idx < len; idx++) {
data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha1_test.c:35:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sha1_update(&ctx, text1, strlen(text1));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha1_test.c:40:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sha1_update(&ctx, text2, strlen(text2));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha1_test.c:46:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sha1_update(&ctx, text3, strlen(text3));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha256_test.c:38:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sha256_update(&ctx, text1, strlen(text1));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha256_test.c:43:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sha256_update(&ctx, text2, strlen(text2));
data/olm-3.2.1~dfsg/lib/crypto-algorithms/sha256_test.c:49:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sha256_update(&ctx, text3, strlen(text3));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:333:22: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  static unsigned char equal(signed char b, signed char c) {
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:363:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][0], equal(babs, 1));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:364:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][1], equal(babs, 2));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:365:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][2], equal(babs, 3));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:366:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][3], equal(babs, 4));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:367:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][4], equal(babs, 5));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:368:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][5], equal(babs, 6));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:369:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][6], equal(babs, 7));
data/olm-3.2.1~dfsg/lib/ed25519/src/ge.c:370:28: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14.
  Consider using a form of this function that checks the second iterator before potentially overflowing it.
  cmov(t, &base[pos][7], equal(babs, 8));
data/olm-3.2.1~dfsg/lib/ed25519/test.c:24:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int message_len = strlen((char*) message);
data/olm-3.2.1~dfsg/tests/test_olm_decrypt.cpp:45:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::vector<std::uint8_t> pickled(strlen(session_data));
data/olm-3.2.1~dfsg/tests/test_olm_decrypt.cpp:52:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t message_length = strlen(test_case->msghex) / 2;
data/olm-3.2.1~dfsg/tests/test_pk.cpp:126:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PICKLE_KEY, strlen((char *)PICKLE_KEY),
data/olm-3.2.1~dfsg/tests/test_pk.cpp:137:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PICKLE_KEY, strlen((char *)PICKLE_KEY),
data/olm-3.2.1~dfsg/tests/test_pk.cpp:148:71: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t max_plaintext_length = olm_pk_max_plaintext_length(decryption, strlen(ciphertext));
data/olm-3.2.1~dfsg/tests/test_pk.cpp:153:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ephemeral_key, strlen(ephemeral_key),
data/olm-3.2.1~dfsg/tests/test_pk.cpp:154:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mac, strlen(mac),
data/olm-3.2.1~dfsg/tests/test_pk.cpp:155:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ciphertext, strlen(ciphertext),
data/olm-3.2.1~dfsg/tests/test_pk.cpp:161:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert_equals(plaintext, plaintext_buffer, strlen((const char *)plaintext));
data/olm-3.2.1~dfsg/tests/test_pk.cpp:198:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (const uint8_t *)message, strlen(message),
data/olm-3.2.1~dfsg/tests/test_pk.cpp:210:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message, strlen(message),
data/olm-3.2.1~dfsg/tests/test_pk.cpp:221:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  message, strlen(message),
data/olm-3.2.1~dfsg/tests/test_session.cpp:92:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PICKLE_KEY, strlen((char *)PICKLE_KEY),
data/olm-3.2.1~dfsg/tests/test_session.cpp:93:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pickled, strlen((char *)pickled), NULL
data/olm-3.2.1~dfsg/tests/test_session.cpp:109:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PICKLE_KEY, strlen((char *)PICKLE_KEY),
data/olm-3.2.1~dfsg/tests/test_session.cpp:128:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  PICKLE_KEY, strlen((char *)PICKLE_KEY),
data/olm-3.2.1~dfsg/tests/test_session.cpp:129:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pickled, strlen((char *)pickled), NULL

ANALYSIS SUMMARY:

Hits = 257
Lines analyzed = 27080 in approximately 0.92 seconds (29571 lines/second)
Physical Source Lines of Code (SLOC) = 19424
Hits@level = [0] 58 [1] 53 [2] 138 [3] 65 [4] 1 [5] 0
Hits@level+ = [0+] 315 [1+] 257 [2+] 204 [3+] 66 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 16.2171 [1+] 13.2311 [2+] 10.5025 [3+] 3.39786 [4+] 0.0514827 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.