Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/open-iscsi-2.1.2/include/fw_context.h
Examining data/open-iscsi-2.1.2/include/iscsi_err.h
Examining data/open-iscsi-2.1.2/include/iscsi_if.h
Examining data/open-iscsi-2.1.2/include/iscsi_net_util.h
Examining data/open-iscsi-2.1.2/include/iscsi_proto.h
Examining data/open-iscsi-2.1.2/include/list.h
Examining data/open-iscsi-2.1.2/include/sysdeps.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/apps/brcm-iscsi/brcm_iscsi.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/apps/brcm-iscsi/brcm_iscsi.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/clock.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/debug.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/icmpv6.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_pkt.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/lc-addrlabels.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/lc-switch.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/lc.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/psock.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/psock.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/pt.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/timer.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/timer.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip-neighbor.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip-neighbor.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arch.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_eth.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_eth.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/uip/uipopt.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/clock-arch.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/clock-arch.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/logger.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/logger.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_vlan.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_vlan.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/options.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/packet.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/packet.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.h
Examining data/open-iscsi-2.1.2/iscsiuio/src/unix/uip-conf.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/context.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/context.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/default.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/default.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/idbm_fields.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/iface.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/iface.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/libopeniscsiusr/libopeniscsiusr.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/libopeniscsiusr/libopeniscsiusr_common.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/libopeniscsiusr/libopeniscsiusr_iface.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/libopeniscsiusr/libopeniscsiusr_node.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/libopeniscsiusr/libopeniscsiusr_session.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/misc.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/misc.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/node.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/node.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/rfc.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/session.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.h
Examining data/open-iscsi-2.1.2/libopeniscsiusr/tests/test_context.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/tests/test_iface.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/tests/test_node.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/tests/test_session.c
Examining data/open-iscsi-2.1.2/libopeniscsiusr/version.h
Examining data/open-iscsi-2.1.2/usr/actor.c
Examining data/open-iscsi-2.1.2/usr/actor.h
Examining data/open-iscsi-2.1.2/usr/auth.c
Examining data/open-iscsi-2.1.2/usr/auth.h
Examining data/open-iscsi-2.1.2/usr/be2iscsi.c
Examining data/open-iscsi-2.1.2/usr/be2iscsi.h
Examining data/open-iscsi-2.1.2/usr/config.h
Examining data/open-iscsi-2.1.2/usr/cxgbi.c
Examining data/open-iscsi-2.1.2/usr/cxgbi.h
Examining data/open-iscsi-2.1.2/usr/discovery.c
Examining data/open-iscsi-2.1.2/usr/discovery.h
Examining data/open-iscsi-2.1.2/usr/discoveryd.c
Examining data/open-iscsi-2.1.2/usr/discoveryd.h
Examining data/open-iscsi-2.1.2/usr/ethtool-copy.h
Examining data/open-iscsi-2.1.2/usr/event_poll.c
Examining data/open-iscsi-2.1.2/usr/event_poll.h
Examining data/open-iscsi-2.1.2/usr/flashnode.c
Examining data/open-iscsi-2.1.2/usr/flashnode.h
Examining data/open-iscsi-2.1.2/usr/host.c
Examining data/open-iscsi-2.1.2/usr/host.h
Examining data/open-iscsi-2.1.2/usr/idbm.c
Examining data/open-iscsi-2.1.2/usr/idbm.h
Examining data/open-iscsi-2.1.2/usr/idbm_fields.h
Examining data/open-iscsi-2.1.2/usr/iface.c
Examining data/open-iscsi-2.1.2/usr/iface.h
Examining data/open-iscsi-2.1.2/usr/initiator.c
Examining data/open-iscsi-2.1.2/usr/initiator.h
Examining data/open-iscsi-2.1.2/usr/initiator_common.c
Examining data/open-iscsi-2.1.2/usr/io.c
Examining data/open-iscsi-2.1.2/usr/iscsi_err.c
Examining data/open-iscsi-2.1.2/usr/iscsi_ipc.h
Examining data/open-iscsi-2.1.2/usr/iscsi_net_util.c
Examining data/open-iscsi-2.1.2/usr/iscsi_netlink.h
Examining data/open-iscsi-2.1.2/usr/iscsi_settings.h
Examining data/open-iscsi-2.1.2/usr/iscsi_sysfs.c
Examining data/open-iscsi-2.1.2/usr/iscsi_sysfs.h
Examining data/open-iscsi-2.1.2/usr/iscsi_timer.c
Examining data/open-iscsi-2.1.2/usr/iscsi_timer.h
Examining data/open-iscsi-2.1.2/usr/iscsi_util.c
Examining data/open-iscsi-2.1.2/usr/iscsi_util.h
Examining data/open-iscsi-2.1.2/usr/iscsiadm.c
Examining data/open-iscsi-2.1.2/usr/iscsid.c
Examining data/open-iscsi-2.1.2/usr/iscsid.h
Examining data/open-iscsi-2.1.2/usr/iscsid_req.c
Examining data/open-iscsi-2.1.2/usr/iscsid_req.h
Examining data/open-iscsi-2.1.2/usr/iscsistart.c
Examining data/open-iscsi-2.1.2/usr/iser.c
Examining data/open-iscsi-2.1.2/usr/iser.h
Examining data/open-iscsi-2.1.2/usr/kern_err_table.c
Examining data/open-iscsi-2.1.2/usr/kern_err_table.h
Examining data/open-iscsi-2.1.2/usr/local_strings.c
Examining data/open-iscsi-2.1.2/usr/local_strings.h
Examining data/open-iscsi-2.1.2/usr/log.c
Examining data/open-iscsi-2.1.2/usr/log.h
Examining data/open-iscsi-2.1.2/usr/login.c
Examining data/open-iscsi-2.1.2/usr/mgmt_ipc.c
Examining data/open-iscsi-2.1.2/usr/mgmt_ipc.h
Examining data/open-iscsi-2.1.2/usr/mntcheck.c
Examining data/open-iscsi-2.1.2/usr/netlink.c
Examining data/open-iscsi-2.1.2/usr/scsi.c
Examining data/open-iscsi-2.1.2/usr/scsi.h
Examining data/open-iscsi-2.1.2/usr/session_info.c
Examining data/open-iscsi-2.1.2/usr/session_info.h
Examining data/open-iscsi-2.1.2/usr/session_mgmt.c
Examining data/open-iscsi-2.1.2/usr/session_mgmt.h
Examining data/open-iscsi-2.1.2/usr/statics.c
Examining data/open-iscsi-2.1.2/usr/sysfs.c
Examining data/open-iscsi-2.1.2/usr/sysfs.h
Examining data/open-iscsi-2.1.2/usr/transport.c
Examining data/open-iscsi-2.1.2/usr/transport.h
Examining data/open-iscsi-2.1.2/usr/types.h
Examining data/open-iscsi-2.1.2/usr/uip_mgmt_ipc.c
Examining data/open-iscsi-2.1.2/usr/uip_mgmt_ipc.h
Examining data/open-iscsi-2.1.2/usr/version.h
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam.h
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.h
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/iscsi_obp.h
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_lex.c
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.h
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c
Examining data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.h
Examining data/open-iscsi-2.1.2/utils/iscsi-iname.c
Examining data/open-iscsi-2.1.2/utils/md5.c
Examining data/open-iscsi-2.1.2/utils/md5.h
Examining data/open-iscsi-2.1.2/utils/sysdeps/sysdeps.c
FINAL RESULTS:
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:183:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
size = readlink(path, read_pci_bus_slot_func_str, 128);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:210:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
size = readlink(path, read_pci_bus_slot_func_str, 128);
data/open-iscsi-2.1.2/usr/sysfs.c:137:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(link_path, link_target, sizeof(link_target) - 1);
data/open-iscsi-2.1.2/usr/sysfs.c:228:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(link_path, link_target, sizeof(link_target) - 1);
data/open-iscsi-2.1.2/usr/sysfs.c:258:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(link_path, link_target, sizeof(link_target) - 1);
data/open-iscsi-2.1.2/usr/sysfs.c:366:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(path_full, link_target, sizeof(link_target) - 1);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:510:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context->initiatorName, (char *)data);
data/open-iscsi-2.1.2/iscsiuio/src/uip/debug.h:7:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, args); \
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:274:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:367:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, nic->eth_device_name);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:532:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:255:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:292:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:379:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:411:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/logger.c:96:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(main_log.fp, fmt, ap);
data/open-iscsi-2.1.2/iscsiuio/src/unix/logger.c:102:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap2);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:89:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(path, path_size, sysfs_template, nic->uio_minor);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:181:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(path, path_size, uio_device_symlink_template, nic->uio_minor);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:233:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pci_bus_slot_func_str, tok);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:103:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rc = sprintf(uio_uevent_path, uio_uevent_path_template, uio_minor);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:221:9: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
rc = sscanf(files[i]->d_name, host_template, &host_no);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:228:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:426:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:502:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rc = sprintf(path, search_paths[path_iterator], uio_minor);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:598:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rc = sprintf(path, search_paths[path_iterator], uio_minor);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:824:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:897:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
rc = sscanf(nic->config_device_name, uio_udev_path_template,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:949:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(nic->uio_device_name,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:963:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sys_path, size,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1226:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1258:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(temp_path, sizeof(temp_path),
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1265:18: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
elements_read = sscanf(raw, "%" PRIu64, handle);
data/open-iscsi-2.1.2/libopeniscsiusr/default.c:59:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(iface->transport_name,
data/open-iscsi-2.1.2/libopeniscsiusr/default.c:64:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(iface->name, sizeof(iface->name)/sizeof(char),
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:120:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_recs[_n].value, VALUE_MAXVAL, "%" PRIu8, _org->_name); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:132:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_recs[_n].value, VALUE_MAXVAL, "%" PRIu16, _org->_name); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:144:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_recs[_n].value, VALUE_MAXVAL, "%" PRIu32, _org->_name); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:156:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_recs[_n].value, VALUE_MAXVAL, "%" PRIi32, _org->_name); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:168:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_recs[_n].value, VALUE_MAXVAL, "%" PRIi64, _org->_name); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:266:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(_recs[_n].value, _tbl[_j].name); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:324:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(LOCK_DIR, F_OK) != 0) {
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:1172:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((*node)->portal, sizeof((*node)->portal)/sizeof(char),
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:1178:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf((*node)->portal, sizeof((*node)->portal)/sizeof(char),
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:328:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((access(IFACE_CONFIG_DIR, F_OK) != 0) &&
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:360:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(ISCSIUIO_PATH, F_OK) != 0) {
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:392:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) != 0)
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:721:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(iface_kern_id, "ipv%d-iface-%" SCNu32 "-%" SCNu32,
data/open-iscsi-2.1.2/libopeniscsiusr/misc.c:99:19: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printed_bytes += vfprintf(stderr, format, args);
data/open-iscsi-2.1.2/libopeniscsiusr/misc.c:130:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0)
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:415:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(host_id_str, "host%" SCNu32, host_id) != 1) {
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:455:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fmt_buff, sizeof(fmt_buff)/sizeof(char), "%s%%" SCNu32,
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:460:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(id_str, fmt_buff, &((*ids)[i])) != 1) {
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:504:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(path, F_OK) == 0) {
data/open-iscsi-2.1.2/usr/discovery.c:86:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(initiator_name, rsp.u.config.var);
data/open-iscsi-2.1.2/usr/discovery.c:97:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(initiator_alias, rsp.u.config.var);
data/open-iscsi-2.1.2/usr/discovery.c:255:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rec->disc_address, drec->address);
data/open-iscsi-2.1.2/usr/discovery.c:568:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rec->disc_address, drec->address);
data/open-iscsi-2.1.2/usr/discovery.c:851:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(initiator_name, iface->iname);
data/open-iscsi-2.1.2/usr/flashnode.c:47:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, fmt, i);
data/open-iscsi-2.1.2/usr/idbm.c:71:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_info[_n].value, VALUE_MAXVAL, "%" PRIi32, _rec->_name); \
data/open-iscsi-2.1.2/usr/idbm.c:82:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_info[_n].value, VALUE_MAXVAL, "%" PRIu8, _rec->_name); \
data/open-iscsi-2.1.2/usr/idbm.c:93:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_info[_n].value, VALUE_MAXVAL, "%" PRIu16, _rec->_name); \
data/open-iscsi-2.1.2/usr/idbm.c:104:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(_info[_n].value, VALUE_MAXVAL, "%" PRIu32, _rec->_name); \
data/open-iscsi-2.1.2/usr/idbm.c:176:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(_info[_n].value, _tbl[_j].name); \
data/open-iscsi-2.1.2/usr/idbm.c:522:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_ADDR, i);
data/open-iscsi-2.1.2/usr/idbm.c:524:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_PORT, i);
data/open-iscsi-2.1.2/usr/idbm.c:526:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_STARTUP, i);
data/open-iscsi-2.1.2/usr/idbm.c:529:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_WINDOW_SIZE, i);
data/open-iscsi-2.1.2/usr/idbm.c:532:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_SERVICE_TYPE, i);
data/open-iscsi-2.1.2/usr/idbm.c:535:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_LOGOUT_TMO, i);
data/open-iscsi-2.1.2/usr/idbm.c:538:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_LOGIN_TMO, i);
data/open-iscsi-2.1.2/usr/idbm.c:541:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_AUTH_TMO, i);
data/open-iscsi-2.1.2/usr/idbm.c:545:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_NOP_INT, i);
data/open-iscsi-2.1.2/usr/idbm.c:548:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_NOP_TMO, i);
data/open-iscsi-2.1.2/usr/idbm.c:552:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_MAX_XMIT_DLEN, i);
data/open-iscsi-2.1.2/usr/idbm.c:556:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_MAX_RECV_DLEN, i);
data/open-iscsi-2.1.2/usr/idbm.c:560:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_HDR_DIGEST, i);
data/open-iscsi-2.1.2/usr/idbm.c:564:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_DATA_DIGEST, i);
data/open-iscsi-2.1.2/usr/idbm.c:568:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_IFMARKER, i);
data/open-iscsi-2.1.2/usr/idbm.c:571:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, CONN_OFMARKER, i);
data/open-iscsi-2.1.2/usr/idbm.c:800:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_IS_FW_ASSIGNED_IPV6, i);
data/open-iscsi-2.1.2/usr/idbm.c:803:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_HDR_DGST_EN, i);
data/open-iscsi-2.1.2/usr/idbm.c:806:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_DATA_DGST_EN, i);
data/open-iscsi-2.1.2/usr/idbm.c:809:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_SNACK_REQ_EN, i);
data/open-iscsi-2.1.2/usr/idbm.c:812:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_TCP_TIMESTAMP_STAT, i);
data/open-iscsi-2.1.2/usr/idbm.c:815:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_TCP_NAGLE_DISABLE, i);
data/open-iscsi-2.1.2/usr/idbm.c:818:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_TCP_WSF_DISABLE, i);
data/open-iscsi-2.1.2/usr/idbm.c:821:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_TCP_TIMER_SCALE, i);
data/open-iscsi-2.1.2/usr/idbm.c:824:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_TCP_TIMESTAMP_EN, i);
data/open-iscsi-2.1.2/usr/idbm.c:827:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_IP_FRAG_DISABLE, i);
data/open-iscsi-2.1.2/usr/idbm.c:830:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_MAX_XMIT_DLENGTH, i);
data/open-iscsi-2.1.2/usr/idbm.c:833:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_MAX_RECV_DLENGTH, i);
data/open-iscsi-2.1.2/usr/idbm.c:836:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_KEEPALIVE_TMO, i);
data/open-iscsi-2.1.2/usr/idbm.c:839:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_PORT, i);
data/open-iscsi-2.1.2/usr/idbm.c:841:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_IPADDR, i);
data/open-iscsi-2.1.2/usr/idbm.c:843:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_REDIRECT_IPADDR, i);
data/open-iscsi-2.1.2/usr/idbm.c:846:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_MAX_SEGMENT_SIZE, i);
data/open-iscsi-2.1.2/usr/idbm.c:849:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_LOCAL_PORT, i);
data/open-iscsi-2.1.2/usr/idbm.c:852:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_IPV4_TOS, i);
data/open-iscsi-2.1.2/usr/idbm.c:855:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_IPV6_TC, i);
data/open-iscsi-2.1.2/usr/idbm.c:858:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_IPV6_FLOW_LABEL, i);
data/open-iscsi-2.1.2/usr/idbm.c:861:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_LINK_LOCAL_IPV6, i);
data/open-iscsi-2.1.2/usr/idbm.c:864:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_TCP_XMIT_WSF, i);
data/open-iscsi-2.1.2/usr/idbm.c:867:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_TCP_RECV_WSF, i);
data/open-iscsi-2.1.2/usr/idbm.c:870:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_STATSN, i);
data/open-iscsi-2.1.2/usr/idbm.c:873:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(key, FLASHNODE_CONN_EXP_STATSN, i);
data/open-iscsi-2.1.2/usr/idbm.c:1144:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(passwd_len, 8, "%.7" PRIi32, (int)strlen(value) & 0xffff); \
data/open-iscsi-2.1.2/usr/idbm.c:1434:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(LOCK_DIR, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/idbm.c:2151:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(portal, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/idbm.c:2161:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(portal, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/idbm.c:2273:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(portal, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/idbm.c:2332:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(FW_CONFIG_DIR, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/idbm.c:2346:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(STATIC_CONFIG_DIR, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/idbm.c:2360:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(ISNS_CONFIG_DIR, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/idbm.c:2445:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newrec->disc_address, drec->address);
data/open-iscsi-2.1.2/usr/idbm.c:2991:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(ISCSI_CONFIG_ROOT, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/iface.c:92:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(iface->name, DEFAULT_IFACENAME);
data/open-iscsi-2.1.2/usr/iface.c:101:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(iface->transport_name, DEFAULT_TRANSPORT);
data/open-iscsi-2.1.2/usr/iface.c:186:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->name, def_iface->name);
data/open-iscsi-2.1.2/usr/iface.c:188:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->netdev, def_iface->netdev);
data/open-iscsi-2.1.2/usr/iface.c:190:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->hwaddress, def_iface->hwaddress);
data/open-iscsi-2.1.2/usr/iface.c:192:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->transport_name,
data/open-iscsi-2.1.2/usr/iface.c:195:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->iname, def_iface->iname);
data/open-iscsi-2.1.2/usr/iface.c:241:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(iface_conf, "%s/%s", IFACE_CONFIG_DIR, iface->name);
data/open-iscsi-2.1.2/usr/iface.c:274:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(iface_conf, "%s/%s", IFACE_CONFIG_DIR, iface->name);
data/open-iscsi-2.1.2/usr/iface.c:434:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(out_rec->name, DEFAULT_IFACENAME);
data/open-iscsi-2.1.2/usr/iface.c:497:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface.hwaddress, hinfo->iface.hwaddress);
data/open-iscsi-2.1.2/usr/iface.c:498:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface.transport_name, hinfo->iface.transport_name);
data/open-iscsi-2.1.2/usr/iface.c:504:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(iface_path, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/iface.c:553:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(IFACE_CONFIG_DIR, F_OK) != 0) {
data/open-iscsi-2.1.2/usr/iface.c:575:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->name, src->name);
data/open-iscsi-2.1.2/usr/iface.c:579:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->netdev, src->netdev);
data/open-iscsi-2.1.2/usr/iface.c:581:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->ipaddress, src->ipaddress);
data/open-iscsi-2.1.2/usr/iface.c:583:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->subnet_mask, src->subnet_mask);
data/open-iscsi-2.1.2/usr/iface.c:585:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->gateway, src->gateway);
data/open-iscsi-2.1.2/usr/iface.c:587:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->bootproto, src->bootproto);
data/open-iscsi-2.1.2/usr/iface.c:589:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->ipv6_linklocal, src->ipv6_linklocal);
data/open-iscsi-2.1.2/usr/iface.c:591:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->ipv6_router, src->ipv6_router);
data/open-iscsi-2.1.2/usr/iface.c:593:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->ipv6_autocfg, src->ipv6_autocfg);
data/open-iscsi-2.1.2/usr/iface.c:595:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->linklocal_autocfg, src->linklocal_autocfg);
data/open-iscsi-2.1.2/usr/iface.c:597:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->router_autocfg, src->router_autocfg);
data/open-iscsi-2.1.2/usr/iface.c:603:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->vlan_state, src->vlan_state);
data/open-iscsi-2.1.2/usr/iface.c:605:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->state, src->state);
data/open-iscsi-2.1.2/usr/iface.c:611:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->delayed_ack, src->delayed_ack);
data/open-iscsi-2.1.2/usr/iface.c:613:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->nagle, src->nagle);
data/open-iscsi-2.1.2/usr/iface.c:615:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->tcp_wsf_state, src->tcp_wsf_state);
data/open-iscsi-2.1.2/usr/iface.c:621:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->tcp_timestamp, src->tcp_timestamp);
data/open-iscsi-2.1.2/usr/iface.c:623:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_dns, src->dhcp_dns);
data/open-iscsi-2.1.2/usr/iface.c:625:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_slp_da, src->dhcp_slp_da);
data/open-iscsi-2.1.2/usr/iface.c:627:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->tos_state, src->tos_state);
data/open-iscsi-2.1.2/usr/iface.c:631:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->gratuitous_arp, src->gratuitous_arp);
data/open-iscsi-2.1.2/usr/iface.c:633:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_alt_client_id_state,
data/open-iscsi-2.1.2/usr/iface.c:636:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_alt_client_id, src->dhcp_alt_client_id);
data/open-iscsi-2.1.2/usr/iface.c:638:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_req_vendor_id_state,
data/open-iscsi-2.1.2/usr/iface.c:641:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_vendor_id_state, src->dhcp_vendor_id_state);
data/open-iscsi-2.1.2/usr/iface.c:643:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_vendor_id, src->dhcp_vendor_id);
data/open-iscsi-2.1.2/usr/iface.c:645:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->dhcp_learn_iqn, src->dhcp_learn_iqn);
data/open-iscsi-2.1.2/usr/iface.c:647:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->fragmentation, src->fragmentation);
data/open-iscsi-2.1.2/usr/iface.c:649:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->incoming_forwarding, src->incoming_forwarding);
data/open-iscsi-2.1.2/usr/iface.c:653:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->gratuitous_neighbor_adv,
data/open-iscsi-2.1.2/usr/iface.c:656:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->redirect, src->redirect);
data/open-iscsi-2.1.2/usr/iface.c:658:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->mld, src->mld);
data/open-iscsi-2.1.2/usr/iface.c:678:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->header_digest, src->header_digest);
data/open-iscsi-2.1.2/usr/iface.c:680:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->data_digest, src->data_digest);
data/open-iscsi-2.1.2/usr/iface.c:682:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->immediate_data, src->immediate_data);
data/open-iscsi-2.1.2/usr/iface.c:684:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->initial_r2t, src->initial_r2t);
data/open-iscsi-2.1.2/usr/iface.c:686:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->data_seq_inorder, src->data_seq_inorder);
data/open-iscsi-2.1.2/usr/iface.c:688:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->data_pdu_inorder, src->data_pdu_inorder);
data/open-iscsi-2.1.2/usr/iface.c:700:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->chap_auth, src->chap_auth);
data/open-iscsi-2.1.2/usr/iface.c:702:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->bidi_chap, src->bidi_chap);
data/open-iscsi-2.1.2/usr/iface.c:704:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->strict_login_comp, src->strict_login_comp);
data/open-iscsi-2.1.2/usr/iface.c:706:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->discovery_auth, src->discovery_auth);
data/open-iscsi-2.1.2/usr/iface.c:708:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->discovery_logout, src->discovery_logout);
data/open-iscsi-2.1.2/usr/iface.c:710:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->hwaddress, src->hwaddress);
data/open-iscsi-2.1.2/usr/iface.c:712:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->transport_name, src->transport_name);
data/open-iscsi-2.1.2/usr/iface.c:714:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst->iname, src->iname);
data/open-iscsi-2.1.2/usr/iface.c:1060:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->transport_name, t->name);
data/open-iscsi-2.1.2/usr/initiator.c:1392:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(stat_file, PROC_DIR"/%d/stat", pid);
data/open-iscsi-2.1.2/usr/initiator_common.c:654:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->netdev, hinfo.iface.netdev);
data/open-iscsi-2.1.2/usr/io.c:218:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(session->netdev, iface->netdev);
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:68:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ifr.ifr_name, netdev);
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:105:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(transport, net_driver->iscsi_transport);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:179:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_SESSION_ID, sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:204:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_CONN_ID, sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:222:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_SESSION_ID, sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:254:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_SESSION_ID, sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:342:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->iface.netdev, netdev);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:378:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->iface.hwaddress, hwaddress);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:415:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->iface.ipaddress, address);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:470:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(sess_id, sizeof(sess_id), ISCSI_FLASHNODE_SESS, host_no,
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:473:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fnode_path, sizeof(fnode_path), ISCSI_FLASHNODE_DIR"/%s",
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:475:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fnode_path, F_OK) != 0)
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:478:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(conn_id, sizeof(conn_id), ISCSI_FLASHNODE_CONN, host_no,
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:481:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(fnode_path, sizeof(fnode_path), ISCSI_FLASHNODE_DIR"/%s",
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:483:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fnode_path, F_OK) != 0)
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:647:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(namelist[i]->d_name, ISCSI_FLASHNODE_SESS,
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:738:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->transport_name, t->name);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:740:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(host_id, sizeof(host_id), ISCSI_HOST_ID, host_no);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1344:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_CONN_ID, info->sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1363:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->address, info->persistent_address);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1369:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(info->persistent_address, info->address);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1566:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_SESSION_ID, sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1577:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_HOST_ID, host_no);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1787:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_HOST_ID, host_no);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1829:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_CONN_ID, sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1844:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_CONN_ID, sid);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1962:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(id, sizeof(id), ISCSI_HOST_ID, hostno);
data/open-iscsi-2.1.2/usr/iscsiadm.c:829:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config_file, rsp.u.config.var);
data/open-iscsi-2.1.2/usr/iscsiadm.c:3502:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(iface->netdev, hinfo.iface.netdev);
data/open-iscsi-2.1.2/usr/iscsid.c:126:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rec->session.auth.username, auth_conf.username);
data/open-iscsi-2.1.2/usr/iscsid.c:129:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rec->session.auth.username_in, auth_conf.username_in);
data/open-iscsi-2.1.2/usr/iscsid.c:132:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)rec->session.auth.password,
data/open-iscsi-2.1.2/usr/iscsid.c:138:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)rec->session.auth.password_in,
data/open-iscsi-2.1.2/usr/iscsid.c:275:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rec.iface.iname, info->iface.iname);
data/open-iscsi-2.1.2/usr/iscsid_req.c:55:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(startup_cmd) < 0)
data/open-iscsi-2.1.2/usr/iscsid_req.c:110:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(iscsid_namespace, 64, ISCSIADM_NAMESPACE "-%d", pid);
data/open-iscsi-2.1.2/usr/iscsid_req.c:112:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(iscsid_namespace, 64, ISCSIADM_NAMESPACE);
data/open-iscsi-2.1.2/usr/log.c:29:36: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define logdbg(file, fmt, args...) fprintf(file, fmt, ##args)
data/open-iscsi-2.1.2/usr/log.c:185:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buff, MAX_MSG_SIZE, fmt, ap);
data/open-iscsi-2.1.2/usr/log.c:295:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/open-iscsi-2.1.2/usr/log.c:299:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/open-iscsi-2.1.2/usr/log.h:75:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/open-iscsi-2.1.2/usr/log.h:77:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/open-iscsi-2.1.2/usr/log.h:79:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/open-iscsi-2.1.2/usr/log.h:81:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)));
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:173:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtask->rsp.u.config.var, dconfig->initiator_name);
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:201:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtask->rsp.u.config.var, dconfig->initiator_alias);
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:209:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(qtask->rsp.u.config.var, dconfig->config_file);
data/open-iscsi-2.1.2/usr/netlink.c:678:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(param_str, "%s", (char *)value);
data/open-iscsi-2.1.2/usr/netlink.c:725:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(param_str, "%s", (char *)value);
data/open-iscsi-2.1.2/usr/netlink.c:1337:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(param_str, "%s", (char *)value);
data/open-iscsi-2.1.2/usr/session_info.c:345:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(new_prefix, "%s%s", prefix, "\t\t");
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:185:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(CONN_ADDR" = %s\n", 0, context->target_ipaddr);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:186:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(CONN_PORT" = %d\n", 0, context->target_port);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:49:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:90:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(vdev, "%s%s", filename, "/vdevice");
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:181:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ofwdev->param[parm]->val, str);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:95:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(dev_dir, FILENAMESZ, IBFT_SYSFS_ROOT"/%s/device", id);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:118:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(dent->d_name, "net:%s", context->iface) != 1) {
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:159:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(context->iface, dent->d_name);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:405:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(lld_root, FILENAMESZ, ISCSI_LLD_ROOT"%s/",
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:520:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(lld_root, FILENAMESZ, ISCSI_LLD_ROOT"%s/",
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_lex.c:965:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(yylval.str, yytext); \
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:70:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DPRINT(fmt,...) printf(fmt,__VA_ARGS__)
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:703:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1425:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofwdev->dev_path, "/%s%s", (yyvsp[-2].str), (yyvsp[-1].str));
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1438:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofwdev->dev_path, "/%s%s", (yyvsp[-3].str), (yyvsp[-2].str));
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1451:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ofwdev->dev_path, "/%s%s", (yyvsp[-4].str), (yyvsp[-3].str));
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1471:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((yyval.str), (yyvsp[0].str));
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1487:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((yyval.str), (yyvsp[0].str));
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:384:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gen_xid = random();
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:1144:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("LISTEN_PID");
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:1149:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("LISTEN_FDS");
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:257:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "fd:p:vh",
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:320:14: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
*dev_path = realpath(path, NULL);
data/open-iscsi-2.1.2/usr/iscsiadm.c:1338:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long(argc, argv, short_options,
data/open-iscsi-2.1.2/usr/iscsiadm.c:3488:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/open-iscsi-2.1.2/usr/iscsiadm.c:3585:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long(argc, argv, short_options,
data/open-iscsi-2.1.2/usr/iscsid.c:385:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long(argc, argv, "c:i:fd:nu:g:p:vh", long_options,
data/open-iscsi-2.1.2/usr/iscsistart.c:369:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt_long(argc, argv, "P:i:t:g:a:p:d:u:w:U:W:bNfvh",
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:86:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("LISTEN_PID");
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:91:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("LISTEN_FDS");
data/open-iscsi-2.1.2/usr/mntcheck.c:177:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
rp = realpath(newpath, NULL);
data/open-iscsi-2.1.2/usr/sysfs.c:70:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env = getenv("SYSFS_PATH");
data/open-iscsi-2.1.2/include/fw_context.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_root[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/include/fw_context.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_nic[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/include/fw_context.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_target[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/include/fw_context.h:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetname[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/include/fw_context.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_ipaddr[NI_MAXHOST];
data/open-iscsi-2.1.2/include/fw_context.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chap_name[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/include/fw_context.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chap_password[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/include/fw_context.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chap_name_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/include/fw_context.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chap_password_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/include/fw_context.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isid[10];
data/open-iscsi-2.1.2/include/fw_context.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initiatorname[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/include/fw_context.h:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp[NI_MAXHOST];
data/open-iscsi-2.1.2/include/fw_context.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface[IF_NAMESIZE];
data/open-iscsi-2.1.2/include/fw_context.h:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac[18];
data/open-iscsi-2.1.2/include/fw_context.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[NI_MAXHOST];
data/open-iscsi-2.1.2/include/fw_context.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gateway[NI_MAXHOST];
data/open-iscsi-2.1.2/include/fw_context.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char primary_dns[NI_MAXHOST];
data/open-iscsi-2.1.2/include/fw_context.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secondary_dns[NI_MAXHOST];
data/open-iscsi-2.1.2/include/fw_context.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mask[NI_MAXHOST];
data/open-iscsi-2.1.2/include/fw_context.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lun[17];
data/open-iscsi-2.1.2/include/fw_context.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlan[15];
data/open-iscsi-2.1.2/include/fw_context.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi_host_name[64];
data/open-iscsi-2.1.2/include/iscsi_if.h:799:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[ISCSI_STATS_CUSTOM_DESC_MAX];
data/open-iscsi-2.1.2/include/iscsi_if.h:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[ISCSI_CHAP_AUTH_NAME_MAX_LEN];
data/open-iscsi-2.1.2/include/iscsi_if.h:874:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[ISCSI_HOST_STATS_CUSTOM_DESC_MAX];
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(optptr, s->serverid, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:125:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(optptr, s->ipaddr, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->chaddr, s->mac_addr, s->mac_len);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->options, magic_cookie, sizeof(magic_cookie));
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:214:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->netmask, optptr + 2, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:217:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->default_router, optptr + 2, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:220:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->dnsaddr, optptr + 2, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:226:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->serverid, optptr + 2, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:229:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->lease_time, optptr + 2, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:248:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->ipaddr, m->yiaddr, 4);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpc.c:385:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xid, &gen_xid, sizeof(gen_xid));
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:75:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(context->dhcp_vendor_id, "BRCM ISAN");
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&opt->type.client_id.link_layer_addr,
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:196:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&opt->type.vendor_class.
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&context->dhcp_server,
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:461:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&context->primary_dns_server,
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&context->secondary_dns_server,
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.h:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_vendor_id[DHCP_VENDOR_ID_LEN];
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.h:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initiatorName[ISCSI_MAX_ISCSI_NAME_LENGTH];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:108:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)mc_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&context->mac_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:299:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&prefix_entry->ip_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:419:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:482:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)ð->src_mac,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:497:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:615:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)mac_addr, &arp_entry->mac_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:682:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&arp_entry->mac_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:709:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&arp_entry->ip_addr, (char *)ip_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:711:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&arp_entry->mac_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:735:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:743:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:748:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:761:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)((u8_t *)icmp + sizeof(struct icmpv6_hdr)),
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:805:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&link_opt->link_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:856:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:902:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:918:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:930:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:932:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&addr.addr8[8],
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:952:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1031:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)ð->dest_mac,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1035:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&tmp,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1037:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_dst,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1049:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1057:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1062:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1070:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1081:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)((u8_t *)icmp + sizeof(struct icmpv6_hdr)),
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)ð->dest_mac,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1117:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&temp,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1121:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_dst,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1124:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&ipv6->ipv6_src,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1161:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&context->default_router,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1168:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&context->link_local_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1195:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&addr_list->ip_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)ip_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6.c:1299:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&context->link_local_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c:217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ustack->default_route_addr6,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c:225:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ustack->linklocal6, &ipv6c->link_local_addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c:261:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c:331:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&src.addr8, &ustack->hostaddr6,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c:341:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gw.addr8, &ustack->default_route_addr6,
data/open-iscsi-2.1.2/iscsiuio/src/uip/ipv6_ndpc.c:347:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ll.addr8, &ustack->linklocal6,
data/open-iscsi-2.1.2/iscsiuio/src/uip/psock.c:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->ptr, *dataptr, *datalen);
data/open-iscsi-2.1.2/iscsiuio/src/uip/psock.c:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->ptr, *dataptr, *datalen);
data/open-iscsi-2.1.2/iscsiuio/src/uip/psock.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->ptr, *dataptr, buf->left);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip-neighbor.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip-neighbor.c:107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ustack->neighbor_entries[oldest].mac_addr, addr,
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip-neighbor.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr6_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip-neighbor.c:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac_addr, entry_mac_addr, sizeof(e->mac_addr));
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ustack->uip_ethaddr.addr, (mac), 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.c:738:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uip_reassbuf, &BUF(ustack)->vhl, uip_iph_len);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.c:772:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uip_reassbuf[uip_iph_len + offset],
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.c:828:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(BUF, FBUF, uip_reasslen);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.c:2395:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ustack->uip_buf, (data), ustack->uip_slen);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.c:2404:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ustack->uip_sappdata, (data), ustack->uip_slen);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.h:705:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define uip_ip4addr_copy(dest, src) memcpy(dest, src, sizeof(uip_ip4addr_t))
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip.h:706:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define uip_ip6addr_copy(dest, src) memcpy(dest, src, sizeof(uip_ip6addr_t))
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tabptr->ipaddr, ipaddr, 4);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:180:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tabptr->ethaddr.addr, ethaddr->addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:252:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->dhwaddr.addr, arp->shwaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:253:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->shwaddr.addr, ustack->uip_ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:254:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->src.addr, ustack->uip_ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:255:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->dest.addr, arp->dhwaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:328:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ð->dest, broadcast_ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->src.addr, ustack->uip_ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:384:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->shwaddr.addr, ustack->uip_ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->dest.addr, broadcast_ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->dest.addr, tabptr->ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:421:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->src.addr, ustack->uip_ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/uip/uip_arp.c:461:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mac_addr, entry->ethaddr.addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_str[NI_MAXHOST];
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:181:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ird->ipv6_subnet_mask.s6_addr, all_zeroes_addr6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:189:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ia6.s6_addr, all_zeroes_addr6, sizeof(struct in6_addr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_str[NI_MAXHOST];
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:272:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ird->ipv6_addr, all_zeroes_addr6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:341:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_addr, &addr->sin_addr.s_addr, sizeof(uip_ip4addr_t));
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_addr, &addr6->sin6_addr.s6_addr,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:389:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6_buf_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:725:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.hostaddr, &ird.ipv4_addr,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:732:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.netmask,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:744:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.default_route_addr,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:761:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.netmask6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:764:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.linklocal6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:767:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.default_route_addr6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:777:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.hostaddr6, &ird.ipv6_addr,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:786:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.netmask6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:789:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.linklocal6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:792:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic_iface->ustack.default_route_addr6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:1081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[PEERUSER_MAX];
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:1189:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)&addr.sun_path + 1, ISCSID_UIP_NAMESPACE,
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(cnic_uio_sysfs_name_tempate) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysfs_resc_path[80];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:454:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nic->fd = open(nic->uio_device_name, O_RDWR | O_NONBLOCK);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:486:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bp->bar0_fd = open(sysfs_resc_path, O_RDWR | O_SYNC);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:852:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt, pkt->buf, sizeof(struct uip_eth_hdr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:856:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt + sizeof(struct uip_eth_hdr),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:860:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt, pkt->buf, pkt->buf_size);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2.c:1034:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->buf, rx_pkt, len);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:392:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bp->version.major = atoi(tok);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:399:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bp->version.minor = atoi(tok);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:406:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bp->version.sub_minor = atoi(tok);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(cnic_uio_sysfs_name_tempate) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:686:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysfs_resc_path[80];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:728:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nic->fd = open(nic->uio_device_name, O_RDWR | O_NONBLOCK);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:762:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bp->bar0_fd = open(sysfs_resc_path, O_RDWR | O_SYNC);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:784:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bp->bar2_fd = open(sysfs_resc_path, O_RDWR | O_SYNC);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:1040:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic->mac_addr, mac, 6);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:1083:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic->mac_addr, mac, 6);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:1283:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt, pkt->buf, sizeof(struct uip_eth_hdr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:1287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt + sizeof(struct uip_eth_hdr),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:1291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt, pkt->buf, pkt->buf_size);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/bnx2x.c:1504:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->buf, rx_pkt, len);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:130:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->arp_sha, nic->mac_addr, ETH_ALEN);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->arp_spa, nic_iface->ustack.hostaddr, 4);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arp->arp_tpa, &dst_ip, 4);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ipv6_hdr->ip6_dst.s6_addr, addr6_dst->s6_addr,
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_dst_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:250:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&path_rsp->src.v4_addr, nic_iface->ustack.hostaddr,
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:285:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&path_rsp->src.v6_addr, src_ipv6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:291:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path_rsp->mac_addr, mac_addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&netmask.s_addr, nic_iface->ustack.netmask,
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:463:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_dst_str[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:477:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst_addr, &path->dst.v6_addr, sizeof(struct in6_addr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:504:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&src_addr, addr, sizeof(struct in6_addr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:510:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&netmask.s6_addr, nic_iface->ustack.netmask6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/cnic.c:513:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&netmask.s6_addr, all_zeroes_addr6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(cnic_uio_sysfs_name_tempate) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(qedi_host_mac_template) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(UIO_OFFSET_TMPL) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(UIO_ATTR_TMPL) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:495:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nic->fd = open(nic->uio_device_name, O_RDWR | O_NONBLOCK);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt, pkt->buf, sizeof(struct uip_eth_hdr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:832:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt + sizeof(struct uip_eth_hdr),
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:838:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp->tx_pkt, pkt->buf, pkt->buf_size);
data/open-iscsi-2.1.2/iscsiuio/src/unix/libs/qedi.c:1038:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->buf, rx_pkt, len);
data/open-iscsi-2.1.2/iscsiuio/src/unix/logger.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_buf[32];
data/open-iscsi-2.1.2/iscsiuio/src/unix/logger.c:136:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
main_log.fp = fopen(filename, "a");
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:192:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDWR);
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ISCSI_OOM_PATH_LEN];
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:222:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY);
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:271:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
main_log.level = atoi(optarg);
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:324:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pid_file, O_WRONLY | O_CREAT, 0644);
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:342:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[4];
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:368:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d\n", getpid());
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:137:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((handle->ops->open) == NULL ||
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:145:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle->ops->open, handle->ops->close,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:714:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nic_iface->ustack.uip_ethaddr.addr, nic->mac_addr, ETH_ALEN);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:831:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->data_link_layer + 12, pkt->network_layer - 2,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:872:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->data_link_layer + 12, pkt->network_layer - 2,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:1257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:1262:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nic_iface->ustack.uip_ethaddr.addr, nic->mac_addr, ETH_ALEN);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:1418:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rc = (*nic->ops->open) (nic);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.h:188:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open) (struct nic *);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.h:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eth_device_name[IFNAMSIZ]; /* Network interface name */
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:91:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "r");
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_id.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pci_bus_slot_func_str[32];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NLMSG_DATA(nlh) + datalen, iovp[i].iov_base,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlm_ev[NLMSG_SPACE(sizeof(struct iscsi_uevent))];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c:389:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vlan_iface->ustack.hostaddr,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c:392:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vlan_iface->ustack.netmask,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c:395:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vlan_iface->ustack.netmask6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c:398:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vlan_iface->ustack.hostaddr6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_nl.c:620:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eth_device_name[IFNAMSIZ];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uio_uevent_path[sizeof(uio_uevent_path_template) + 10];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:113:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(uio_uevent_path, O_WRONLY);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:219:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(iscsi_host_path_netdev_template) +
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&multicast_addr, nic->mac_addr, ETH_ALEN);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ifr.ifr_hwaddr.sa_data, multicast_addr.addr, ETH_ALEN);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(iscsi_host_path_netdev_template) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:757:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eth_name[IFNAMSIZ];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(nic_uio_sysfs_name_tempate) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:892:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eth_name[sizeof(nic->eth_device_name)];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:917:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nic->eth_device_name,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(cnic_sysfs_uio_event_template) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_path[sizeof(iscsi_transport_handle_template) + 8];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1296:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(current->mac_addr, nic->mac_addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1300:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vlan_current->mac_addr, nic->mac_addr, 6);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pkt->buf, buf, buf_size);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1414:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->ether_shost, src_addr, ETH_ALEN);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1415:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eth->ether_dhost, dest_addr, ETH_ALEN);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1687:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1732:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1734:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filepath, O_RDONLY);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1784:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, "r");
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_vlan.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlan_iface_name[16];
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_vlan.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phy_iface_name[16];
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipbuf[INET6_ADDRSTRLEN] = {0};
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:254:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_addr4, addr, sizeof(uip_ip4addr_t));
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&path.dst.v4_addr, dst_addr4, sizeof(struct in_addr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:258:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_addr6, addr, sizeof(uip_ip6addr_t));
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:259:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&path.dst.v6_addr, dst_addr6, sizeof(struct in6_addr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src_addr6, &nic_iface->ustack.hostaddr6,
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:343:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src_addr6, addr, sizeof(struct in6_addr));
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:375:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_addr4, png_c->dst_addr, sizeof(uip_ip4addr_t));
data/open-iscsi-2.1.2/iscsiuio/src/unix/ping.c:377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_addr6, png_c->dst_addr, sizeof(uip_ip6addr_t));
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAXVAL];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[VALUE_MAXVAL];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr_buff[_STRERR_BUFF_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:332:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(LOCK_FILE, O_RDWR | O_CREAT, 0666);
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd_len[8];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:729:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recs[i].data, tmp_data, recs[i].data_len);
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:812:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAXVAL];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:813:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[VALUE_MAXVAL];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:816:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr_buff[_STRERR_BUFF_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:828:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(conf_path, "r");
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:98:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char password[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:101:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char password_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_root[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_nic[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.h:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_target[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char proc_name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr_buff[_STRERR_BUFF_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:453:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr_buff[_STRERR_BUFF_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:470:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(conf_path, "w");
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:776:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iface, &_DEFAULT_IFACES[i], sizeof(struct iscsi_iface));
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:897:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*iface, &_DEFAULT_IFACES[i],
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ISCSI_MAX_IFACE_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netdev[IFNAMSIZ];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddress[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnet_mask[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gateway[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bootproto[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6_linklocal[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6_router[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6_autocfg[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linklocal_autocfg[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char router_autocfg[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlan_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[ISCSI_MAX_STR_LEN]; /* 0 = disable,
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delayed_ack[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nagle[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcp_wsf_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcp_timestamp[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_dns[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_slp_da[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tos_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gratuitous_arp[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_alt_client_id_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_alt_client_id[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_req_vendor_id_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_vendor_id_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_vendor_id[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_learn_iqn[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fragmentation[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char incoming_forwarding[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gratuitous_neighbor_adv[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redirect[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mld[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header_digest[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_digest[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char immediate_data[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initial_r2t[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_seq_inorder[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_pdu_inorder[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chap_auth[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bidi_chap[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strict_login_comp[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char discovery_auth[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char discovery_logout[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_speed[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hwaddress[ISCSI_HWADDRESS_BUF_SIZE];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transport_name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alias[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/libopeniscsiusr/iface.h:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iname[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/libopeniscsiusr/misc.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr_buff[_STRERR_BUFF_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/misc.c:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr_buff[_STRERR_BUFF_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/misc.h:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, \
data/open-iscsi-2.1.2/libopeniscsiusr/misc.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver_name[_ETH_DRIVER_NAME_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/misc.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char if_name[IF_NAMESIZE];
data/open-iscsi-2.1.2/libopeniscsiusr/node.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strerr_buff[_STRERR_BUFF_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/node.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_name[TARGET_NAME_MAXLEN];
data/open-iscsi-2.1.2/libopeniscsiusr/node.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disc_address[NI_MAXHOST];
data/open-iscsi-2.1.2/libopeniscsiusr/node.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portal[NI_MAXHOST * 2];
data/open-iscsi-2.1.2/libopeniscsiusr/session.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char persistent_address[NI_MAXHOST + 1];
data/open-iscsi-2.1.2/libopeniscsiusr/session.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_name[_ISCSI_NAME_MAX_LEN + 1];
data/open-iscsi-2.1.2/libopeniscsiusr/session.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[_ISCSI_CHAP_AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/session.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[_ISCSI_CHAP_AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/session.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username_in[_ISCSI_CHAP_AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/session.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_in[_ISCSI_CHAP_AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/libopeniscsiusr/session.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[NI_MAXHOST + 1];
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:125:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY);
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:179:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, (void *) default_value,
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:199:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, (void *) default_value,
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:210:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, (void *) default_value,
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt_buff[128];
data/open-iscsi-2.1.2/usr/auth.c:60:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id_data[1];
data/open-iscsi-2.1.2/usr/auth.c:62:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out_data[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/auth.c:109:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char verify_data[client->chap_challenge_len];
data/open-iscsi-2.1.2/usr/auth.c:753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20];
data/open-iscsi-2.1.2/usr/auth.c:834:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char response_data[AUTH_CHAP_RSP_MAX];
data/open-iscsi-2.1.2/usr/auth.c:967:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id_data[1];
data/open-iscsi-2.1.2/usr/auth.c:968:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char response_data[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/auth.c:970:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char my_rsp_data[AUTH_CHAP_RSP_MAX];
data/open-iscsi-2.1.2/usr/auth.c:1457:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *const key_names[AUTH_KEY_TYPE_MAX_COUNT] = {
data/open-iscsi-2.1.2/usr/auth.c:1987:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(client->passwd_data, passwd_data, passwd_length);
data/open-iscsi-2.1.2/usr/auth.c:2055:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *const dbg_text[AUTH_DBG_STATUS_MAX_COUNT] = {
data/open-iscsi-2.1.2/usr/auth.c:2108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_data, in_data, in_length);
data/open-iscsi-2.1.2/usr/auth.h:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_block[AUTH_STR_BLOCK_MAX_LEN];
data/open-iscsi-2.1.2/usr/auth.h:201:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char large_binary[AUTH_LARGE_BINARY_MAX_LEN];
data/open-iscsi-2.1.2/usr/auth.h:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/auth.h:217:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char passwd_data[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/auth.h:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chap_username[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/auth.h:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch_key_value[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/config.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/config.h:56:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char password[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/config.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/config.h:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char password_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/config.h:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_root[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/config.h:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_nic[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/config.h:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_target[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/config.h:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ISCSI_MAX_IFACE_LEN];
data/open-iscsi-2.1.2/usr/config.h:220:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netdev[IFNAMSIZ];
data/open-iscsi-2.1.2/usr/config.h:221:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddress[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subnet_mask[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gateway[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bootproto[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6_linklocal[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6_router[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv6_autocfg[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:228:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linklocal_autocfg[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char router_autocfg[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vlan_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[ISCSI_MAX_STR_LEN]; /* 0 = disable,
data/open-iscsi-2.1.2/usr/config.h:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delayed_ack[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nagle[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcp_wsf_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcp_timestamp[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_dns[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_slp_da[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tos_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gratuitous_arp[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_alt_client_id_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_alt_client_id[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_req_vendor_id_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:252:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_vendor_id_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_vendor_id[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:254:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dhcp_learn_iqn[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fragmentation[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char incoming_forwarding[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gratuitous_neighbor_adv[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redirect[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mld[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header_digest[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_digest[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char immediate_data[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initial_r2t[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:274:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_seq_inorder[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_pdu_inorder[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chap_auth[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bidi_chap[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strict_login_comp[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char discovery_auth[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char discovery_logout[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_state[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:287:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_speed[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/config.h:292:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hwaddress[ISCSI_HWADDRESS_BUF_SIZE];
data/open-iscsi-2.1.2/usr/config.h:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transport_name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/config.h:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alias[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/usr/config.h:299:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iname[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/usr/config.h:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TARGET_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/config.h:312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disc_address[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/config.h:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/discovery.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char initiator_name[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/usr/discovery.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char initiator_alias[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/usr/discovery.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pg_addr[INET6_ADDRSTRLEN + 1];
data/open-iscsi-2.1.2/usr/discovery.c:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_port[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/discovery.c:442:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(default_port, "%d", drec->port);
data/open-iscsi-2.1.2/usr/discovery.c:492:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[64];
data/open-iscsi-2.1.2/usr/discovery.c:525:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[64];
data/open-iscsi-2.1.2/usr/discovery.c:572:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec->tpgt = atoi(tag);
data/open-iscsi-2.1.2/usr/discovery.c:576:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec->conn[0].port = atoi(port);
data/open-iscsi-2.1.2/usr/discovery.c:631:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_port[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/discovery.c:633:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(default_port, "%d", drec->port);
data/open-iscsi-2.1.2/usr/discovery.c:929:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str_buffer_data(sendtargets) + curr_data_length,
data/open-iscsi-2.1.2/usr/discovery.c:1348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/ethtool-copy.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[32]; /* driver short name, "tulip", "eepro100" */
data/open-iscsi-2.1.2/usr/ethtool-copy.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[32]; /* driver version string */
data/open-iscsi-2.1.2/usr/ethtool-copy.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fw_version[32]; /* firmware version string, if applicable */
data/open-iscsi-2.1.2/usr/ethtool-copy.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bus_info[ETHTOOL_BUSINFO_LEN]; /* Bus info for this IF. */
data/open-iscsi-2.1.2/usr/ethtool-copy.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved1[32];
data/open-iscsi-2.1.2/usr/ethtool-copy.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved2[12];
data/open-iscsi-2.1.2/usr/ethtool-copy.h:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[ETHTOOL_FLASH_MAX_FILENAME];
data/open-iscsi-2.1.2/usr/flashnode.c:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[NAME_MAXVAL];
data/open-iscsi-2.1.2/usr/flashnode.c:101:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnode_param->value, isid, fnode_param->len);
data/open-iscsi-2.1.2/usr/flashnode.c:254:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnode_param->value, &val, fnode_param->len);
data/open-iscsi-2.1.2/usr/flashnode.c:277:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnode_param->value, &val, fnode_param->len);
data/open-iscsi-2.1.2/usr/flashnode.c:300:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fnode_param->value, buf, fnode_param->len);
data/open-iscsi-2.1.2/usr/flashnode.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetname[TARGET_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/flashnode.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetalias[TARGET_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/flashnode.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/flashnode.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/flashnode.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/flashnode.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/flashnode.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char discovery_parent_type[ISCSI_MAX_STR_LEN];
data/open-iscsi-2.1.2/usr/flashnode.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isid[16];
data/open-iscsi-2.1.2/usr/flashnode.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portal_type[5]; /* ipv4 or ipv6 */
data/open-iscsi-2.1.2/usr/flashnode.h:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddress[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/flashnode.h:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redirect_ipaddr[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/flashnode.h:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_local_ipv6[NI_MAXHOST];
data/open-iscsi-2.1.2/usr/flashnode.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transport_name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/host.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[SCSI_MAX_STATE_VALUE];
data/open-iscsi-2.1.2/usr/host.c:388:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param_info->value, val, param_len);
data/open-iscsi-2.1.2/usr/host.c:417:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(param_info->value, param_val, param_len);
data/open-iscsi-2.1.2/usr/idbm.c:520:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[NAME_MAXVAL];
data/open-iscsi-2.1.2/usr/idbm.c:798:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[NAME_MAXVAL];
data/open-iscsi-2.1.2/usr/idbm.c:1015:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char passwd_len[8];
data/open-iscsi-2.1.2/usr/idbm.c:1114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info[i].data, tmp_data, info[i].data_len);
data/open-iscsi-2.1.2/usr/idbm.c:1188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAXVAL];
data/open-iscsi-2.1.2/usr/idbm.c:1189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[VALUE_MAXVAL];
data/open-iscsi-2.1.2/usr/idbm.c:1190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line, *nl, buffer[2048];
data/open-iscsi-2.1.2/usr/idbm.c:1285:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(config_file, "r");
data/open-iscsi-2.1.2/usr/idbm.c:1326:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec, &db->nrec, sizeof(*rec));
data/open-iscsi-2.1.2/usr/idbm.c:1390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(last_rec, rec, sizeof(node_rec_t));
data/open-iscsi-2.1.2/usr/idbm.c:1442:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(LOCK_FILE, O_RDWR | O_CREAT, 0666);
data/open-iscsi-2.1.2/usr/idbm.c:1497:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(portal, "r");
data/open-iscsi-2.1.2/usr/idbm.c:1521:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(conf, "r");
data/open-iscsi-2.1.2/usr/idbm.c:1687:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(tmp_port))) {
data/open-iscsi-2.1.2/usr/idbm.c:1938:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmp_tpgt ? atoi(tmp_tpgt) : -1,
data/open-iscsi-2.1.2/usr/idbm.c:1939:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
portal_dent->d_name, atoi(tmp_port),
data/open-iscsi-2.1.2/usr/idbm.c:2126:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(portal, "w");
data/open-iscsi-2.1.2/usr/idbm.c:2234:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(portal, "w");
data/open-iscsi-2.1.2/usr/idbm.c:2636:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec->tpgt = atoi(tpgt);
data/open-iscsi-2.1.2/usr/idbm.c:2637:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rec->conn[0].port = atoi(port);
data/open-iscsi-2.1.2/usr/idbm.c:2851:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfg, &db->drec_st.u.sendtargets,
data/open-iscsi-2.1.2/usr/idbm.c:2859:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfg, &db->drec_isns.u.isns,
data/open-iscsi-2.1.2/usr/idbm.c:2866:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfg, &db->drec_slp.u.slp,
data/open-iscsi-2.1.2/usr/idbm.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAXVAL];
data/open-iscsi-2.1.2/usr/idbm.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[VALUE_MAXVAL];
data/open-iscsi-2.1.2/usr/iface.c:146:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(iface_conf, "r");
data/open-iscsi-2.1.2/usr/iface.c:275:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(iface_conf, "w");
data/open-iscsi-2.1.2/usr/iface.c:474:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface_path[PATH_MAX];
data/open-iscsi-2.1.2/usr/iface.c:969:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iface_copy, iface, sizeof(*iface_copy));
data/open-iscsi-2.1.2/usr/iface.c:1016:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transport_name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/iface.c:1069:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iface->vlan_id = atoi(context->vlan);
data/open-iscsi-2.1.2/usr/iface.c:1497:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_param->value, val, param_len);
data/open-iscsi-2.1.2/usr/iface.c:1545:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_param->value, &vlan, net_param->len);
data/open-iscsi-2.1.2/usr/iface.c:1831:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_param->value, param_val, param_len);
data/open-iscsi-2.1.2/usr/initiator.c:363:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&session->nrec, rec, sizeof(node_rec_t));
data/open-iscsi-2.1.2/usr/initiator.c:558:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/initiator.c:935:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr.lun, rhdr->lun, 8);
data/open-iscsi-2.1.2/usr/initiator.c:1370:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stat_file[PATH_SIZE];
data/open-iscsi-2.1.2/usr/initiator.c:1371:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[1024]; /* got this from ps */
data/open-iscsi-2.1.2/usr/initiator.c:1399:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stat_fd = open(stat_file, O_RDONLY);
data/open-iscsi-2.1.2/usr/initiator.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[ISCSI_DEF_MAX_RECV_SEG_LEN];
data/open-iscsi-2.1.2/usr/initiator.h:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[NI_MAXHOST]; /* scratch */
data/open-iscsi-2.1.2/usr/initiator.h:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netdev[IFNAMSIZ];
data/open-iscsi-2.1.2/usr/initiator.h:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_name[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/usr/initiator.h:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/initiator.h:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/initiator_common.c:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->password, auth_cfg->password,
data/open-iscsi-2.1.2/usr/initiator_common.c:94:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->password_in, auth_cfg->password_in,
data/open-iscsi-2.1.2/usr/initiator_common.c:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->chap_algs, auth_cfg->chap_algs, sizeof(auth_cfg->chap_algs));
data/open-iscsi-2.1.2/usr/initiator_common.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/initiator_common.c:244:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(serv, "%d", port);
data/open-iscsi-2.1.2/usr/io.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/open-iscsi-2.1.2/usr/io.c:147:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hwaddress, "%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x",
data/open-iscsi-2.1.2/usr/io.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/io.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/io.c:337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[NI_MAXSERV], lserv[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/io.c:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lserv[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/io.c:456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serv[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/io.c:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[4];
data/open-iscsi-2.1.2/usr/io.c:806:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[ISCSI_PAD_LEN];
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_hwaddress[ISCSI_HWADDRESS_BUF_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:164:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp_hwaddress, "%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x",
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:263:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vlan_id = atoi(vlan);
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:336:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr.ifr_addr, &sk_ipaddr, sizeof(struct sockaddr));
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:347:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ifr.ifr_addr, &sk_netmask, sizeof(struct sockaddr));
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:358:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rt.rt_dst, &sk_tgt_ipaddr, sizeof(sk_tgt_ipaddr));
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:359:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rt.rt_genmask, &sk_hostmask, sizeof(sk_hostmask));
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:385:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rt.rt_gateway, &sk_gateway, sizeof(sk_gateway));
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:314:9: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atol(host_dev->kernel_number);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sess_id[NAME_SIZE] = {'\0'};
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn_id[NAME_SIZE] = {'\0'};
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnode_path[PATH_SIZE] = {'\0'};
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:679:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_root[BOOT_NAME_MAXLEN], boot_nic[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:680:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boot_name[BOOT_NAME_MAXLEN], boot_content[BOOT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:702:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iface->vlan_id = atoi(boot_content);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:729:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host_id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1161:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1162:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysfs_dev_iscsi_iface_path[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1163:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1172:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sysfs_dev_iscsi_iface_path, "/sys");
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1262:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(dev->kernel_number);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1267:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(dev_parent->kernel_number);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1575:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_full[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_full[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1684:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1781:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1826:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1841:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1859:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_full[3*PATH_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1903:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char write_buf[20];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1948:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[NAME_SIZE];
data/open-iscsi-2.1.2/usr/iscsi_util.c:54:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/null", O_RDWR);
data/open-iscsi-2.1.2/usr/iscsi_util.c:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[ISCSI_OOM_PATH_LEN];
data/open-iscsi-2.1.2/usr/iscsi_util.c:87:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_WRONLY);
data/open-iscsi-2.1.2/usr/iscsi_util.c:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line, buffer[1024];
data/open-iscsi-2.1.2/usr/iscsi_util.c:217:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(pathname, "r"))) {
data/open-iscsi-2.1.2/usr/iscsiadm.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char config_file[TARGET_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/iscsiadm.c:357:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec_copy, rec, sizeof(*rec_copy));
data/open-iscsi-2.1.2/usr/iscsiadm.c:439:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rec_copy, rec, sizeof(*rec_copy));
data/open-iscsi-2.1.2/usr/iscsiadm.c:3589:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
killiscsid = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsiadm.c:3634:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
info_level = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsiadm.c:3660:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_level = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsiadm.c:3690:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
packet_size = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsiadm.c:3693:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ping_count = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsiadm.c:3696:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ping_interval = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsiadm.c:3954:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char session[64];
data/open-iscsi-2.1.2/usr/iscsid.c:263:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rec.session.auth, &sysfsrec.session.auth,
data/open-iscsi-2.1.2/usr/iscsid.c:279:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req.u.session.rec, &rec, sizeof(node_rec_t));
data/open-iscsi-2.1.2/usr/iscsid.c:398:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_level = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsid.c:458:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/open-iscsi-2.1.2/usr/iscsid.c:462:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pid_file, O_WRONLY|O_CREAT, 0644);
data/open-iscsi-2.1.2/usr/iscsid.c:492:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d\n", getpid());
data/open-iscsi-2.1.2/usr/iscsid_req.c:106:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iscsid_namespace[64] = ISCSIADM_NAMESPACE;
data/open-iscsi-2.1.2/usr/iscsid_req.c:211:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req.u.session.rec, rec, sizeof(node_rec_t));
data/open-iscsi-2.1.2/usr/iscsid_req.h:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char iscsid_namespace[64];
data/open-iscsi-2.1.2/usr/iscsistart.c:239:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&req.u.session.rec, rec, sizeof(*rec));
data/open-iscsi-2.1.2/usr/iscsistart.c:381:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_rec.tpgt = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsistart.c:388:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config_rec.conn[0].port = atoi(optarg);
data/open-iscsi-2.1.2/usr/iscsistart.c:416:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_level = atoi(optarg);
data/open-iscsi-2.1.2/usr/log.c:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MAX_MSG_SIZE];
data/open-iscsi-2.1.2/usr/log.c:213:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&msg->str, buff, len);
data/open-iscsi-2.1.2/usr/log.c:240:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, len);
data/open-iscsi-2.1.2/usr/log.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[16*3+5], *lp = line;
data/open-iscsi-2.1.2/usr/log.c:350:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
lp += sprintf(lp, " %02x", buf[i]);
data/open-iscsi-2.1.2/usr/log.c:352:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
lp += sprintf(lp, " ");
data/open-iscsi-2.1.2/usr/log.c:354:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
lp += sprintf(lp, " |");
data/open-iscsi-2.1.2/usr/login.c:65:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, param, param_len);
data/open-iscsi-2.1.2/usr/login.c:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, value, value_len);
data/open-iscsi-2.1.2/usr/login.c:175:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ss, res->ai_addr, res->ai_addrlen);
data/open-iscsi-2.1.2/usr/login.c:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_port[NI_MAXSERV];
data/open-iscsi-2.1.2/usr/login.c:204:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(default_port, "%d", ISCSI_LISTEN_PORT);
data/open-iscsi-2.1.2/usr/login.c:227:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
session->portal_group_tag = atoi(tag);
data/open-iscsi-2.1.2/usr/login.c:258:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->target_alias, value, size);
data/open-iscsi-2.1.2/usr/login.c:335:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(session->target_alias, value, size);
data/open-iscsi-2.1.2/usr/login.c:785:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/login.c:797:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", session->max_burst);
data/open-iscsi-2.1.2/usr/login.c:802:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d",session->first_burst);
data/open-iscsi-2.1.2/usr/login.c:808:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", session->max_r2t);
data/open-iscsi-2.1.2/usr/login.c:829:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/login.c:834:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", conn->max_recv_dlength);
data/open-iscsi-2.1.2/usr/login.c:839:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", conn->max_recv_dlength);
data/open-iscsi-2.1.2/usr/login.c:845:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", conn->max_xmit_dlength);
data/open-iscsi-2.1.2/usr/login.c:967:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/login.c:993:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", session->def_time2wait);
data/open-iscsi-2.1.2/usr/login.c:998:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", session->def_time2retain);
data/open-iscsi-2.1.2/usr/login.c:1025:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(value, "%d", conn->max_recv_dlength);
data/open-iscsi-2.1.2/usr/login.c:1145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(login_hdr->isid, session->isid, sizeof(session->isid));
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:255:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&len, data, 4);
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user[PEERUSER_MAX];
data/open-iscsi-2.1.2/usr/mgmt_ipc.h:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[IFNAMSIZ + 1];
data/open-iscsi-2.1.2/usr/mgmt_ipc.h:96:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char custom[sizeof(struct iscsi_stats_custom) *
data/open-iscsi-2.1.2/usr/mgmt_ipc.h:100:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var[VALUE_MAXLEN];
data/open-iscsi-2.1.2/usr/netlink.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, recvbuf + recvlen, count);
data/open-iscsi-2.1.2/usr/netlink.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, NLMSG_DATA(iov.iov_base), count);
data/open-iscsi-2.1.2/usr/netlink.c:201:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xmitbuf + xmitlen,
data/open-iscsi-2.1.2/usr/netlink.c:383:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(setparam_buf + sizeof(*ev), addr, addrlen);
data/open-iscsi-2.1.2/usr/netlink.c:673:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "%d", *((int *)value));
data/open-iscsi-2.1.2/usr/netlink.c:717:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "%d", *((int *)value));
data/open-iscsi-2.1.2/usr/netlink.c:720:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(param_str, "%u", *((unsigned int *)value));
data/open-iscsi-2.1.2/usr/netlink.c:880:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(setparam_buf + sizeof(*ev), dst_addr, addrlen);
data/open-iscsi-2.1.2/usr/netlink.c:959:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlm_ev[NLMSG_SPACE(sizeof(struct iscsi_uevent))];
data/open-iscsi-2.1.2/usr/netlink.c:1086:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(setparam_buf + sizeof(*ev), addr, addrlen);
data/open-iscsi-2.1.2/usr/netlink.c:1205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlm_ev[NLMSG_SPACE(sizeof(struct iscsi_uevent))];
data/open-iscsi-2.1.2/usr/netlink.c:1459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlm_ev[NLMSG_SPACE(sizeof(struct iscsi_uevent))];
data/open-iscsi-2.1.2/usr/netlink.c:1508:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nlm_ev[NLMSG_SPACE(sizeof(struct iscsi_uevent))];
data/open-iscsi-2.1.2/usr/netlink.c:1650:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev_context->data, &ev->r.connerror.error,
data/open-iscsi-2.1.2/usr/netlink.c:1656:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ev_context->data, &ev->r.conn_login.state,
data/open-iscsi-2.1.2/usr/session_info.c:36:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new, info, sizeof(*new));
data/open-iscsi-2.1.2/usr/session_info.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_buff[SCSI_MAX_STATE_VALUE];
data/open-iscsi-2.1.2/usr/session_info.c:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *blockdev, state[SCSI_MAX_STATE_VALUE];
data/open-iscsi-2.1.2/usr/session_info.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[SCSI_MAX_STATE_VALUE];
data/open-iscsi-2.1.2/usr/session_info.h:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/session_info.h:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/session_info.h:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char username_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/session_info.h:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password_in[AUTH_STR_MAX_LEN];
data/open-iscsi-2.1.2/usr/session_info.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char targetname[TARGET_NAME_MAXLEN + 1];
data/open-iscsi-2.1.2/usr/session_info.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[NI_MAXHOST + 1];
data/open-iscsi-2.1.2/usr/session_info.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char persistent_address[NI_MAXHOST + 1];
data/open-iscsi-2.1.2/usr/sysfs.c:61:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysfs_path[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_path[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_target[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath_real[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_path[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_target[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parent_devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_full[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[NAME_SIZE] = { '\0', };
data/open-iscsi-2.1.2/usr/sysfs.c:362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_target[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:387:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path_full, O_RDONLY);
data/open-iscsi-2.1.2/usr/sysfs.c:412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_full[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:446:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subsys[NAME_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:564:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*value = atoi(sysfs_value);
data/open-iscsi-2.1.2/usr/sysfs.c:616:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*value = (uint8_t)atoi(sysfs_value);
data/open-iscsi-2.1.2/usr/sysfs.c:631:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*value = (uint16_t)atoi(sysfs_value);
data/open-iscsi-2.1.2/usr/sysfs.c:640:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_full[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.c:670:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path_full, O_WRONLY);
data/open-iscsi-2.1.2/usr/sysfs.c:686:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line, buffer[1024];
data/open-iscsi-2.1.2/usr/sysfs.c:695:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(uevent_path, "r");
data/open-iscsi-2.1.2/usr/sysfs.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devpath[PATH_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subsystem[NAME_SIZE]; /* $class, $bus, drivers, module */
data/open-iscsi-2.1.2/usr/sysfs.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kernel[NAME_SIZE]; /* device instance name */
data/open-iscsi-2.1.2/usr/sysfs.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kernel_number[NAME_SIZE];
data/open-iscsi-2.1.2/usr/sysfs.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver[NAME_SIZE]; /* device driver name */
data/open-iscsi-2.1.2/usr/sysfs.h:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sysfs_path[PATH_SIZE];
data/open-iscsi-2.1.2/usr/transport.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char transport_name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/transport.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ISCSI_TRANSPORT_NAME_MAXLEN];
data/open-iscsi-2.1.2/usr/uip_mgmt_ipc.c:38:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&broadcast.u.iface_rec, iface, sizeof(*iface));
data/open-iscsi-2.1.2/usr/uip_mgmt_ipc.c:60:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&broadcast.u.ping_rec.ifrec, iface, sizeof(*iface));
data/open-iscsi-2.1.2/usr/uip_mgmt_ipc.c:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&broadcast.u.ping_rec.ipaddr, dst_addr, len);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:40:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:42:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char nulls[16]; /* defaults to zero */
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipbuf[32];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:455:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.h:143:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char filename[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *niclist[OFWDEV_MAX];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:130:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mac_fd = open(mac_file, O_RDONLY);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:287:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[256];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *target_list[ISCSI_BOOT_MAX];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *nic_list[ISCSI_BOOT_MAX];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_dir[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initiator_dir[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:395:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lld_root[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initiator_dir[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:511:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lld_root[FILENAMESZ];
data/open-iscsi-2.1.2/utils/fwparam_ibft/iscsi_obp.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[1]; /* string value from the property */
data/open-iscsi-2.1.2/utils/fwparam_ibft/iscsi_obp.h:82:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mac[6]; /* The binary mac address. */
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_lex.c:931:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yytext[YYLMAX];
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[STR_LEN];
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:992:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.h:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[STR_LEN];
data/open-iscsi-2.1.2/utils/iscsi-iname.c:57:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/open-iscsi-2.1.2/utils/iscsi-iname.c:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char entropy[16];
data/open-iscsi-2.1.2/utils/iscsi-iname.c:99:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(RANDOM_NUM_GENERATOR, O_RDONLY))) {
data/open-iscsi-2.1.2/utils/iscsi-iname.c:144:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(RANDOM_NUM_GENERATOR, O_RDONLY))) {
data/open-iscsi-2.1.2/utils/md5.c:80:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((md5byte *) ctx->in + 64 - t, buf, len);
data/open-iscsi-2.1.2/utils/md5.c:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((md5byte *) ctx->in + 64 - t, buf, t);
data/open-iscsi-2.1.2/utils/md5.c:92:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, 64);
data/open-iscsi-2.1.2/utils/md5.c:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, len);
data/open-iscsi-2.1.2/utils/md5.c:135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(digest, ctx->buf, 16);
data/open-iscsi-2.1.2/utils/md5.h:38:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void MD5Final(unsigned char digest[16], struct MD5Context *context);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:187:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(context->dhcp_vendor_id);
data/open-iscsi-2.1.2/iscsiuio/src/apps/dhcpc/dhcpv6.c:495:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_len = strlen((char *)data);
data/open-iscsi-2.1.2/iscsiuio/src/uip/psock.h:196:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PT_WAIT_THREAD(&((psock)->pt), psock_send(psock, str, strlen(str)))
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:456:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nic->eth_device_name,
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:1185:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addr_len = offsetof(struct sockaddr_un, sun_path) + strlen(ISCSID_UIP_NAMESPACE) + 1;
data/open-iscsi-2.1.2/iscsiuio/src/unix/iscsid_ipc.c:1190:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ISCSID_UIP_NAMESPACE));
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:347:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(pipefds[0], msgbuf, sizeof(msgbuf));
data/open-iscsi-2.1.2/iscsiuio/src/unix/main.c:369:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written_bytes = write(fd, buf, strlen(buf));
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:139:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(handle->ops->read) == NULL ||
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:146:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
handle->ops->read, handle->ops->write,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:780:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(nic->fd, &count, sizeof(count));
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.c:1012:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = (*nic->ops->read) (nic, pkt);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic.h:190:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read) (struct nic *, struct packet *);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:253:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nic->eth_device_name, raw, raw_size);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:308:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, nic->eth_device_name,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:519:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name,
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:619:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parsed_size = strlen(parsed_src);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:625:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, parsed_src, name_size);
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:766:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(host_pfx))) {
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_utils.c:1742:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, buf, sizeof(buf));
data/open-iscsi-2.1.2/iscsiuio/src/unix/nic_vlan.c:192:7: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
r = fscanf(fp, "%15s |%hu |%15s",
data/open-iscsi-2.1.2/libopeniscsiusr/default.c:63:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->name))
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:106:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char*)_org->_name)) \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:267:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(_recs[_n].value, ","); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:352:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:559:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(recs[i].value))
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:702:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(token))
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:767:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(passwd_len, 8, "%.7d", (int)strlen(value) & 0xffff); \
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:793:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(s);
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:845:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) == 0)
data/open-iscsi-2.1.2/libopeniscsiusr/idbm.c:848:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = line + strlen(line) - 1;
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:130:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(proc_name, "iscsi_", strlen("iscsi_")) == 0)
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:131:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_strncpy((*iface)->transport_name, proc_name + strlen("iscsi_"),
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:180:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp((*iface)->port_speed, "Unknown", strlen("Unknown")) == 0)
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:516:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(iface_kern_id, "ipv4", strlen("ipv4")) == 0) {
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:806:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (iface && strlen(iface->hwaddress) &&
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:814:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (iface && strlen(iface->netdev) &&
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:825:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->name) == 0)
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:828:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->transport_name) == 0)
data/open-iscsi-2.1.2/libopeniscsiusr/iface.c:887:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(iface_name) != 0);
data/open-iscsi-2.1.2/libopeniscsiusr/misc.h:94:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(size_t) size > strlen(src) ? \
data/open-iscsi-2.1.2/libopeniscsiusr/misc.h:95:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(src) : (size_t) size); \
data/open-iscsi-2.1.2/libopeniscsiusr/misc.h:97:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((size_t) size - 1 > strlen(src) ? \
data/open-iscsi-2.1.2/libopeniscsiusr/misc.h:98:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(src) : (size_t) (size - 1))) = '\0'; \
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:128:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readed = read(fd, buff, buff_size);
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:180:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(default_value) + 1);
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:200:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(default_value) + 1);
data/open-iscsi-2.1.2/libopeniscsiusr/sysfs.c:211:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(default_value) + 1);
data/open-iscsi-2.1.2/libopeniscsiusr/tests/test_iface.c:41:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(struct_name##_##prop_name##_get(obj)) != 0); \
data/open-iscsi-2.1.2/libopeniscsiusr/tests/test_session.c:41:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(struct_name##_##prop_name##_get(obj)) != 0); \
data/open-iscsi-2.1.2/usr/discovery.c:119:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(address) + 7;
data/open-iscsi-2.1.2/usr/discovery.c:344:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (iface && strlen(iface->iname))
data/open-iscsi-2.1.2/usr/discovery.c:647:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *next = text + strlen(text) + 1;
data/open-iscsi-2.1.2/usr/discovery.c:850:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->iname)) {
data/open-iscsi-2.1.2/usr/discoveryd.c:158:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->iface.iname) &&
data/open-iscsi-2.1.2/usr/discoveryd.c:342:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!is_def_iname || strlen(iface->iname)) &&
data/open-iscsi-2.1.2/usr/discoveryd.c:348:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->iname))
data/open-iscsi-2.1.2/usr/discoveryd.c:807:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->iname) &&
data/open-iscsi-2.1.2/usr/event_poll.c:204:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(sig_fd, &si, sizeof(si)) == -1) {
data/open-iscsi-2.1.2/usr/flashnode.c:57:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen((char *)fnode->conn[0].ipaddress))
data/open-iscsi-2.1.2/usr/flashnode.c:71:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(fnode->sess.targetname))
data/open-iscsi-2.1.2/usr/host.c:65:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->transport_name))
data/open-iscsi-2.1.2/usr/host.c:71:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->iname))
data/open-iscsi-2.1.2/usr/host.c:77:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->ipaddress))
data/open-iscsi-2.1.2/usr/host.c:84:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->hwaddress))
data/open-iscsi-2.1.2/usr/host.c:89:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->netdev))
data/open-iscsi-2.1.2/usr/host.c:100:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->transport_name))
data/open-iscsi-2.1.2/usr/host.c:107:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->ipaddress))
data/open-iscsi-2.1.2/usr/host.c:114:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->hwaddress))
data/open-iscsi-2.1.2/usr/host.c:119:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->netdev))
data/open-iscsi-2.1.2/usr/host.c:124:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->iname))
data/open-iscsi-2.1.2/usr/host.c:141:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->ipaddress))
data/open-iscsi-2.1.2/usr/host.c:146:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->gateway))
data/open-iscsi-2.1.2/usr/host.c:150:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->subnet_mask))
data/open-iscsi-2.1.2/usr/host.c:154:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->bootproto))
data/open-iscsi-2.1.2/usr/host.c:161:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->ipv6_autocfg))
data/open-iscsi-2.1.2/usr/host.c:167:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->ipv6_linklocal))
data/open-iscsi-2.1.2/usr/host.c:173:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->linklocal_autocfg))
data/open-iscsi-2.1.2/usr/host.c:179:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->ipv6_router))
data/open-iscsi-2.1.2/usr/host.c:187:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->port_state))
data/open-iscsi-2.1.2/usr/host.c:192:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->port_speed))
data/open-iscsi-2.1.2/usr/host.c:439:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crec->username, strlen(crec->username)))
data/open-iscsi-2.1.2/usr/host.c:444:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)crec->password)))
data/open-iscsi-2.1.2/usr/idbm.c:58:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char*)_rec->_name)) \
data/open-iscsi-2.1.2/usr/idbm.c:177:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(_info[_n].value, ","); \
data/open-iscsi-2.1.2/usr/idbm.c:929:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(info[i].value))
data/open-iscsi-2.1.2/usr/idbm.c:1089:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(token))
data/open-iscsi-2.1.2/usr/idbm.c:1144:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(passwd_len, 8, "%.7" PRIi32, (int)strlen(value) & 0xffff); \
data/open-iscsi-2.1.2/usr/idbm.c:1203:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nl = line + strlen(line) - 1;
data/open-iscsi-2.1.2/usr/idbm.c:1303:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char*)db->drec_st.u.sendtargets.auth.password);
data/open-iscsi-2.1.2/usr/idbm.c:1306:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char*)db->drec_st.u.sendtargets.auth.password_in);
data/open-iscsi-2.1.2/usr/idbm.c:1309:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char*)db->drec_slp.u.slp.auth.password);
data/open-iscsi-2.1.2/usr/idbm.c:1312:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char*)db->drec_slp.u.slp.auth.password_in);
data/open-iscsi-2.1.2/usr/idbm.c:1315:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char*)db->nrec.session.auth.password);
data/open-iscsi-2.1.2/usr/idbm.c:1318:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char*)db->nrec.session.auth.password_in);
data/open-iscsi-2.1.2/usr/idbm.c:1459:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/open-iscsi-2.1.2/usr/idbm.c:1565:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
goto read;
data/open-iscsi-2.1.2/usr/idbm.c:1570:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->name)) {
data/open-iscsi-2.1.2/usr/idbm.c:1581:1: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read:
data/open-iscsi-2.1.2/usr/idbm.c:1621:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(drec->address)) {
data/open-iscsi-2.1.2/usr/idbm.c:3050:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->name)) {
data/open-iscsi-2.1.2/usr/idbm.c:3089:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)context->chap_password);
data/open-iscsi-2.1.2/usr/idbm.c:3091:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)context->chap_password_in);
data/open-iscsi-2.1.2/usr/iface.c:47:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _unwrap(x) (x && strlen(x)) ? x : UNKNOWN_VALUE
data/open-iscsi-2.1.2/usr/iface.c:91:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->name))
data/open-iscsi-2.1.2/usr/iface.c:109:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(ifname) || strlen(ifname) + 1 > ISCSI_MAX_IFACE_LEN) {
data/open-iscsi-2.1.2/usr/iface.c:109:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(ifname) || strlen(ifname) + 1 > ISCSI_MAX_IFACE_LEN) {
data/open-iscsi-2.1.2/usr/iface.c:185:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->name))
data/open-iscsi-2.1.2/usr/iface.c:187:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->netdev))
data/open-iscsi-2.1.2/usr/iface.c:189:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->hwaddress))
data/open-iscsi-2.1.2/usr/iface.c:191:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->transport_name))
data/open-iscsi-2.1.2/usr/iface.c:194:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->iname))
data/open-iscsi-2.1.2/usr/iface.c:348:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface_conf) > ISCSI_MAX_IFACE_LEN - 1) {
data/open-iscsi-2.1.2/usr/iface.c:451:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->ipaddress) ||
data/open-iscsi-2.1.2/usr/iface.c:476:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(hinfo->iface.hwaddress)) {
data/open-iscsi-2.1.2/usr/iface.c:574:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->name))
data/open-iscsi-2.1.2/usr/iface.c:578:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->netdev))
data/open-iscsi-2.1.2/usr/iface.c:580:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->ipaddress))
data/open-iscsi-2.1.2/usr/iface.c:582:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->subnet_mask))
data/open-iscsi-2.1.2/usr/iface.c:584:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->gateway))
data/open-iscsi-2.1.2/usr/iface.c:586:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->bootproto))
data/open-iscsi-2.1.2/usr/iface.c:588:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->ipv6_linklocal))
data/open-iscsi-2.1.2/usr/iface.c:590:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->ipv6_router))
data/open-iscsi-2.1.2/usr/iface.c:592:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->ipv6_autocfg))
data/open-iscsi-2.1.2/usr/iface.c:594:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->linklocal_autocfg))
data/open-iscsi-2.1.2/usr/iface.c:596:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->router_autocfg))
data/open-iscsi-2.1.2/usr/iface.c:602:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->vlan_state))
data/open-iscsi-2.1.2/usr/iface.c:604:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->state))
data/open-iscsi-2.1.2/usr/iface.c:610:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->delayed_ack))
data/open-iscsi-2.1.2/usr/iface.c:612:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->nagle))
data/open-iscsi-2.1.2/usr/iface.c:614:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->tcp_wsf_state))
data/open-iscsi-2.1.2/usr/iface.c:620:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->tcp_timestamp))
data/open-iscsi-2.1.2/usr/iface.c:622:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_dns))
data/open-iscsi-2.1.2/usr/iface.c:624:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_slp_da))
data/open-iscsi-2.1.2/usr/iface.c:626:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->tos_state))
data/open-iscsi-2.1.2/usr/iface.c:630:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->gratuitous_arp))
data/open-iscsi-2.1.2/usr/iface.c:632:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_alt_client_id_state))
data/open-iscsi-2.1.2/usr/iface.c:635:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_alt_client_id))
data/open-iscsi-2.1.2/usr/iface.c:637:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_req_vendor_id_state))
data/open-iscsi-2.1.2/usr/iface.c:640:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_vendor_id_state))
data/open-iscsi-2.1.2/usr/iface.c:642:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_vendor_id))
data/open-iscsi-2.1.2/usr/iface.c:644:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->dhcp_learn_iqn))
data/open-iscsi-2.1.2/usr/iface.c:646:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->fragmentation))
data/open-iscsi-2.1.2/usr/iface.c:648:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->incoming_forwarding))
data/open-iscsi-2.1.2/usr/iface.c:652:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->gratuitous_neighbor_adv))
data/open-iscsi-2.1.2/usr/iface.c:655:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->redirect))
data/open-iscsi-2.1.2/usr/iface.c:657:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->mld))
data/open-iscsi-2.1.2/usr/iface.c:677:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->header_digest))
data/open-iscsi-2.1.2/usr/iface.c:679:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->data_digest))
data/open-iscsi-2.1.2/usr/iface.c:681:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->immediate_data))
data/open-iscsi-2.1.2/usr/iface.c:683:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->initial_r2t))
data/open-iscsi-2.1.2/usr/iface.c:685:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->data_seq_inorder))
data/open-iscsi-2.1.2/usr/iface.c:687:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->data_pdu_inorder))
data/open-iscsi-2.1.2/usr/iface.c:699:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->chap_auth))
data/open-iscsi-2.1.2/usr/iface.c:701:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->bidi_chap))
data/open-iscsi-2.1.2/usr/iface.c:703:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->strict_login_comp))
data/open-iscsi-2.1.2/usr/iface.c:705:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->discovery_auth))
data/open-iscsi-2.1.2/usr/iface.c:707:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->discovery_logout))
data/open-iscsi-2.1.2/usr/iface.c:709:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->hwaddress))
data/open-iscsi-2.1.2/usr/iface.c:711:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->transport_name))
data/open-iscsi-2.1.2/usr/iface.c:713:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src->iname))
data/open-iscsi-2.1.2/usr/iface.c:722:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->name))
data/open-iscsi-2.1.2/usr/iface.c:725:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->transport_name))
data/open-iscsi-2.1.2/usr/iface.c:745:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(pattern->name))
data/open-iscsi-2.1.2/usr/iface.c:755:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(pattern->transport_name))
data/open-iscsi-2.1.2/usr/iface.c:767:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (iface && strlen(iface->hwaddress) &&
data/open-iscsi-2.1.2/usr/iface.c:775:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (iface && strlen(iface->netdev) &&
data/open-iscsi-2.1.2/usr/iface.c:783:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (iface && strlen(iface->ipaddress) &&
data/open-iscsi-2.1.2/usr/iface.c:794:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(iscsi_iface_name_get(iface)) > 0) ?
data/open-iscsi-2.1.2/usr/iface.c:798:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(iscsi_iface_transport_name_get(iface)) > 0) ?
data/open-iscsi-2.1.2/usr/iface.c:802:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(iscsi_iface_iname_get(iface)) > 0) ?
data/open-iscsi-2.1.2/usr/iface.c:805:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(ipaddress))
data/open-iscsi-2.1.2/usr/iface.c:813:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(iscsi_iface_hwaddress_get(iface)) > 0) ?
data/open-iscsi-2.1.2/usr/iface.c:817:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(iscsi_iface_netdev_get(iface)) > 0) ?
data/open-iscsi-2.1.2/usr/iface.c:1002:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->initiatorname))
data/open-iscsi-2.1.2/usr/iface.c:1006:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->scsi_host_name)) {
data/open-iscsi-2.1.2/usr/iface.c:1013:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(context->iface)) {
data/open-iscsi-2.1.2/usr/iface.c:1980:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(iface->dhcp_alt_client_id),
data/open-iscsi-2.1.2/usr/iface.c:2007:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(iface->dhcp_vendor_id),
data/open-iscsi-2.1.2/usr/initiator.c:370:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(session->nrec.iface.iname))
data/open-iscsi-2.1.2/usr/initiator.c:380:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(session->nrec.iface.alias))
data/open-iscsi-2.1.2/usr/initiator.c:1404:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
num_read = read(stat_fd, sbuf, sizeof(sbuf));
data/open-iscsi-2.1.2/usr/initiator_common.c:650:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->netdev)) {
data/open-iscsi-2.1.2/usr/initiator_common.c:696:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->netdev))
data/open-iscsi-2.1.2/usr/io.c:133:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(if_hwaddr.ifr_name, ifa->ifa_name, IFNAMSIZ);
data/open-iscsi-2.1.2/usr/io.c:232:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(session->netdev)) {
data/open-iscsi-2.1.2/usr/io.c:242:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(session->netdev) + 1) < 0) {
data/open-iscsi-2.1.2/usr/io.c:499:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text += strlen(text);
data/open-iscsi-2.1.2/usr/io.c:721:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(conn->socket_fd, header,
data/open-iscsi-2.1.2/usr/io.c:724:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = ipc->read(header, sizeof (*hdr) - h_bytes);
data/open-iscsi-2.1.2/usr/io.c:778:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(conn->socket_fd, data + d_bytes,
data/open-iscsi-2.1.2/usr/io.c:781:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = ipc->read(data + d_bytes, dlength - d_bytes);
data/open-iscsi-2.1.2/usr/io.c:809:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rlen = read(conn->socket_fd, &bytes, pad_bytes);
data/open-iscsi-2.1.2/usr/iscsi_ipc.h:116:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read) (char *data, int count);
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:258:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(netdev)) {
data/open-iscsi-2.1.2/usr/iscsi_net_util.c:416:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(netdev)) {
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:188:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)conf->password))
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:189:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conf->password_length = strlen((char *)conf->password);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:193:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)conf->password_in))
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:194:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conf->password_in_length = strlen((char *)conf->password_in);
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:432:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(iface->hwaddress) &&
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:436:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(iface->netdev) &&
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:439:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(iface->ipaddress) &&
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:644:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("flashnode_conn")))
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1876:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path_full) > PATH_SIZE) {
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1912:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(write_buf));
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1928:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(write_buf));
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1943:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(write_buf));
data/open-iscsi-2.1.2/usr/iscsi_sysfs.c:1964:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(write_buf));
data/open-iscsi-2.1.2/usr/iscsi_util.c:47:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(addr->sun_path + 1) + 1;
data/open-iscsi-2.1.2/usr/iscsi_util.c:183:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(s);
data/open-iscsi-2.1.2/usr/iscsi_util.c:238:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(param)) {
data/open-iscsi-2.1.2/usr/iscsi_util.c:245:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(param)) {
data/open-iscsi-2.1.2/usr/iscsi_util.c:275:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(address1))
data/open-iscsi-2.1.2/usr/iscsi_util.c:345:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->name) && strcmp(rec->name, targetname))
data/open-iscsi-2.1.2/usr/iscsiadm.c:785:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(target_name) != 0) &&
data/open-iscsi-2.1.2/usr/iscsiadm.c:790:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(address) != 0) &&
data/open-iscsi-2.1.2/usr/iscsiadm.c:796:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(iface_name) != 0) &&
data/open-iscsi-2.1.2/usr/iscsiadm.c:1005:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->conn[0].address) &&
data/open-iscsi-2.1.2/usr/iscsiadm.c:1021:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(rec->name))
data/open-iscsi-2.1.2/usr/iscsiadm.c:1027:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(rec->conn[0].address))
data/open-iscsi-2.1.2/usr/iscsiadm.c:1050:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->name) && strlen(rec->conn[0].address)) {
data/open-iscsi-2.1.2/usr/iscsiadm.c:1050:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rec->name) && strlen(rec->conn[0].address)) {
data/open-iscsi-2.1.2/usr/iscsiadm.c:2849:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!strlen(rec->name) && !strlen(rec->conn[0].address) &&
data/open-iscsi-2.1.2/usr/iscsiadm.c:2849:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(!strlen(rec->name) && !strlen(rec->conn[0].address) &&
data/open-iscsi-2.1.2/usr/iscsiadm.c:2850:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!strlen(rec->iface.name)))) {
data/open-iscsi-2.1.2/usr/iscsiadm.c:3498:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(iface->netdev)) {
data/open-iscsi-2.1.2/usr/iscsiadm.c:3578:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0177);
data/open-iscsi-2.1.2/usr/iscsid.c:125:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(auth_conf.username))
data/open-iscsi-2.1.2/usr/iscsid.c:128:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(auth_conf.username_in))
data/open-iscsi-2.1.2/usr/iscsid.c:131:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)auth_conf.password)) {
data/open-iscsi-2.1.2/usr/iscsid.c:137:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char *)auth_conf.password_in)) {
data/open-iscsi-2.1.2/usr/iscsid.c:445:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0177);
data/open-iscsi-2.1.2/usr/iscsid.c:493:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, buf, strlen(buf)) < 0) {
data/open-iscsi-2.1.2/usr/iscsid_req.c:300:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
err = read(fd, &rsp, sizeof(rsp));
data/open-iscsi-2.1.2/usr/iscsid_req.c:307:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/open-iscsi-2.1.2/usr/iscsistart.c:208:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(value)) {
data/open-iscsi-2.1.2/usr/iscsistart.c:319:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(config_rec.name)) {
data/open-iscsi-2.1.2/usr/iscsistart.c:324:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(config_rec.conn[0].address)) {
data/open-iscsi-2.1.2/usr/iscsistart.c:334:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > max_len) { \
data/open-iscsi-2.1.2/usr/iscsistart.c:395:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auth->password_length = strlen((char *)auth->password);
data/open-iscsi-2.1.2/usr/iscsistart.c:403:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)auth->password_in);
data/open-iscsi-2.1.2/usr/log.c:182:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *)&lastmsg->str) * sizeof(char) + 1;
data/open-iscsi-2.1.2/usr/log.c:186:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buff) * sizeof(char) + 1;
data/open-iscsi-2.1.2/usr/log.c:236:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)&src->str) * sizeof(char) +
data/open-iscsi-2.1.2/usr/login.c:44:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int param_len = strlen(param);
data/open-iscsi-2.1.2/usr/login.c:45:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int value_len = strlen(value);
data/open-iscsi-2.1.2/usr/login.c:322:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(session->target_alias) == size &&
data/open-iscsi-2.1.2/usr/login.c:1048:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int key_length = key ? strlen(key) : 0;
data/open-iscsi-2.1.2/usr/login.c:1062:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(&data[pdu_length], key, key_length);
data/open-iscsi-2.1.2/usr/login.c:1070:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdu_length += strlen(auth_value) + 1;
data/open-iscsi-2.1.2/usr/mgmt_ipc.c:425:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, ptr, len);
data/open-iscsi-2.1.2/usr/netlink.c:676:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(value))
data/open-iscsi-2.1.2/usr/netlink.c:684:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->u.set_host_param.len = len = strlen(param_str) + 1;
data/open-iscsi-2.1.2/usr/netlink.c:723:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(value))
data/open-iscsi-2.1.2/usr/netlink.c:731:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ev->u.set_param.len = len = strlen(param_str) + 1;
data/open-iscsi-2.1.2/usr/netlink.c:1335:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(value))
data/open-iscsi-2.1.2/usr/netlink.c:1338:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(param_str) + 1;
data/open-iscsi-2.1.2/usr/session_info.c:338:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_prefix = calloc(1, 1 + strlen(prefix) +
data/open-iscsi-2.1.2/usr/session_info.c:339:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("\t\t"));
data/open-iscsi-2.1.2/usr/session_info.c:399:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(iscsi_session_username_get(curr)) ?
data/open-iscsi-2.1.2/usr/session_info.c:409:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pass) ? pass : UNKNOWN_VALUE);
data/open-iscsi-2.1.2/usr/session_info.c:413:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(iscsi_session_username_in_get(curr)) ?
data/open-iscsi-2.1.2/usr/session_info.c:422:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pass) ? pass : UNKNOWN_VALUE);
data/open-iscsi-2.1.2/usr/sysfs.c:47:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/open-iscsi-2.1.2/usr/sysfs.c:120:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = &dev->kernel[strlen(dev->kernel)];
data/open-iscsi-2.1.2/usr/sysfs.c:392:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size = read(fd, value, sizeof(value));
data/open-iscsi-2.1.2/usr/sysfs.c:577:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!sysfs_value || !strlen(sysfs_value))
data/open-iscsi-2.1.2/usr/sysfs.c:580:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(sysfs_value);
data/open-iscsi-2.1.2/usr/sysfs.c:583:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(value, sysfs_value, value_size);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:170:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->initiatorname))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:173:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->isid))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:181:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->targetname))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:184:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->target_ipaddr))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:188:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->chap_name))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:190:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->chap_password))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:192:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->chap_name_in))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:194:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->chap_password_in))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:198:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->lun))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:205:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->mac))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:214:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(context->dhcp) && strcmp(context->dhcp, "0.0.0.0")))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:218:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->ipaddr))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:222:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->mask))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:224:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->gateway))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:226:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->primary_dns))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:228:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->secondary_dns))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:230:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->vlan))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fw_entry.c:232:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(context->iface))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ibft.c:420:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(cur_ptr, iBFTSTR,strlen(iBFTSTR)))
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:84:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *vdev = malloc(strlen(filename) + strlen("/vdevice") + 1);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:84:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *vdev = malloc(strlen(filename) + strlen("/vdevice") + 1);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:102:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
devtree_offset = strlen(devtree);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:114:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int mac_path_len = strlen(ofwdev->dev_path) + strlen(LOCAL_MAC_FILE) +
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:114:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int mac_path_len = strlen(ofwdev->dev_path) + strlen(LOCAL_MAC_FILE) +
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:119:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mac_path_len += strlen(devtree);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:139:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(mac_fd, ofwdev->mac, 6);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:172:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int psz = sizeof(struct ofw_obp_param) + strlen(str);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_ppc.c:295:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, bootpath_val, bootpath_stat.st_size);
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:110:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(dent->d_name) - 4) >
data/open-iscsi-2.1.2/utils/fwparam_ibft/fwparam_sysfs.c:152:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dent->d_name) > (sizeof(context->iface) - 1)) {
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_lex.c:1079:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_lex.c:2050:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes(yystr,strlen(yystr) );
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:892:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1423:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ofwdev->dev_path = malloc(strlen((yyvsp[-2].str)) +
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1424:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((yyvsp[-1].str)) + 3);
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1436:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ofwdev->dev_path = malloc(strlen((yyvsp[-3].str)) +
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1437:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((yyvsp[-2].str)) + 3);
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1449:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ofwdev->dev_path = malloc(strlen((yyvsp[-4].str)) +
data/open-iscsi-2.1.2/utils/fwparam_ibft/prom_parse.tab.c:1450:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((yyvsp[-3].str)) + 3);
data/open-iscsi-2.1.2/utils/iscsi-iname.c:100:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
e = read(fd, &entropy, 16);
data/open-iscsi-2.1.2/utils/iscsi-iname.c:145:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, entropy, 1) == 1)
data/open-iscsi-2.1.2/utils/sysdeps/sysdeps.c:60:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (bytes + strlen(src));
ANALYSIS SUMMARY:
Hits = 1310
Lines analyzed = 76995 in approximately 2.01 seconds (38277 lines/second)
Physical Source Lines of Code (SLOC) = 52601
Hits@level = [0] 515 [1] 312 [2] 733 [3] 14 [4] 245 [5] 6
Hits@level+ = [0+] 1825 [1+] 1310 [2+] 998 [3+] 265 [4+] 251 [5+] 6
Hits/KSLOC@level+ = [0+] 34.6952 [1+] 24.9045 [2+] 18.973 [3+] 5.03793 [4+] 4.77177 [5+] 0.114066
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.