Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/openpace-1.1.0+ds/bindings/go/eac_wrap.c
Examining data/openpace-1.1.0+ds/bindings/java/eac_wrap.c
Examining data/openpace-1.1.0+ds/src/ca_lib.c
Examining data/openpace-1.1.0+ds/src/ca_lib.h
Examining data/openpace-1.1.0+ds/src/cv_cert.c
Examining data/openpace-1.1.0+ds/src/cvc-create-cmdline.c
Examining data/openpace-1.1.0+ds/src/cvc-create-cmdline.h
Examining data/openpace-1.1.0+ds/src/cvc-create.c
Examining data/openpace-1.1.0+ds/src/cvc-print-cmdline.c
Examining data/openpace-1.1.0+ds/src/cvc-print-cmdline.h
Examining data/openpace-1.1.0+ds/src/cvc-print.c
Examining data/openpace-1.1.0+ds/src/cvc_lookup.c
Examining data/openpace-1.1.0+ds/src/eac.c
Examining data/openpace-1.1.0+ds/src/eac/ca.h
Examining data/openpace-1.1.0+ds/src/eac/cv_cert.h
Examining data/openpace-1.1.0+ds/src/eac/eac.h
Examining data/openpace-1.1.0+ds/src/eac/objects.h
Examining data/openpace-1.1.0+ds/src/eac/pace.h
Examining data/openpace-1.1.0+ds/src/eac/ri.h
Examining data/openpace-1.1.0+ds/src/eac/ta.h
Examining data/openpace-1.1.0+ds/src/eac_asn1.c
Examining data/openpace-1.1.0+ds/src/eac_asn1.h
Examining data/openpace-1.1.0+ds/src/eac_ca.c
Examining data/openpace-1.1.0+ds/src/eac_dh.c
Examining data/openpace-1.1.0+ds/src/eac_dh.h
Examining data/openpace-1.1.0+ds/src/eac_ecdh.c
Examining data/openpace-1.1.0+ds/src/eac_ecdh.h
Examining data/openpace-1.1.0+ds/src/eac_err.h
Examining data/openpace-1.1.0+ds/src/eac_kdf.c
Examining data/openpace-1.1.0+ds/src/eac_kdf.h
Examining data/openpace-1.1.0+ds/src/eac_lib.c
Examining data/openpace-1.1.0+ds/src/eac_lib.h
Examining data/openpace-1.1.0+ds/src/eac_print.c
Examining data/openpace-1.1.0+ds/src/eac_util.c
Examining data/openpace-1.1.0+ds/src/eac_util.h
Examining data/openpace-1.1.0+ds/src/eactest.c
Examining data/openpace-1.1.0+ds/src/example.c
Examining data/openpace-1.1.0+ds/src/misc.c
Examining data/openpace-1.1.0+ds/src/misc.h
Examining data/openpace-1.1.0+ds/src/objects.c
Examining data/openpace-1.1.0+ds/src/pace.c
Examining data/openpace-1.1.0+ds/src/pace_lib.c
Examining data/openpace-1.1.0+ds/src/pace_lib.h
Examining data/openpace-1.1.0+ds/src/pace_mappings.c
Examining data/openpace-1.1.0+ds/src/pace_mappings.h
Examining data/openpace-1.1.0+ds/src/read_file.c
Examining data/openpace-1.1.0+ds/src/read_file.h
Examining data/openpace-1.1.0+ds/src/ri.c
Examining data/openpace-1.1.0+ds/src/ri_lib.c
Examining data/openpace-1.1.0+ds/src/ssl_compat.c
Examining data/openpace-1.1.0+ds/src/ssl_compat.h
Examining data/openpace-1.1.0+ds/src/ta.c
Examining data/openpace-1.1.0+ds/src/ta_lib.c
Examining data/openpace-1.1.0+ds/src/ta_lib.h
Examining data/openpace-1.1.0+ds/src/vc.c
Examining data/openpace-1.1.0+ds/src/x509_lookup.c
FINAL RESULTS:
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:537:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*out, terminal_type);
data/openpace-1.1.0+ds/bindings/java/eac_wrap.c:469:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*out, terminal_type);
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:765:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, s);
data/openpace-1.1.0+ds/src/cvc-create.c:801:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, basename);
data/openpace-1.1.0+ds/src/cvc-create.c:802:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, PKCS8_EXT);
data/openpace-1.1.0+ds/src/cvc-create.c:901:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, basename);
data/openpace-1.1.0+ds/src/cvc-create.c:902:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, DESC_EXT);
data/openpace-1.1.0+ds/src/cvc-create.c:944:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, basename);
data/openpace-1.1.0+ds/src/cvc-create.c:945:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, CVC_CERT_EXT);
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:277:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, s);
data/openpace-1.1.0+ds/src/eac_util.c:314:33: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
len = EVP_CIPHER_block_size(EVP_des_cbc());
data/openpace-1.1.0+ds/src/eac_util.c:321:33: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
if (!EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL,
data/openpace-1.1.0+ds/src/eac_util.c:327:25: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
c_tmp = cipher(ctx, EVP_des_cbc(), NULL, NULL, NULL, 1, in);
data/openpace-1.1.0+ds/src/eac_util.c:334:43: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
if (!block || !EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL,
data/openpace-1.1.0+ds/src/eac_util.c:338:25: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
d_tmp = cipher(ctx, EVP_des_cbc(), NULL, NULL, NULL, 0, block);
data/openpace-1.1.0+ds/src/eac_util.c:342:43: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
if (!d_tmp || !EVP_CipherInit_ex(ctx, EVP_des_cbc(), NULL,
data/openpace-1.1.0+ds/src/eac_util.c:346:23: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
mac = cipher(ctx, EVP_des_cbc(), NULL, NULL, NULL, 1, d_tmp);
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:1145:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hV", long_options, &option_index);
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:479:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, "hVc:d:r:", long_options, &option_index);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.p, p, l);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:262:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.p, p, l);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:463:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out, chat->relative_authorization->data, *out_len);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:846:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg1, garg1.p, garg1.n);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:878:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg1, garg1.p, garg1.n);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:2529:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg1, garg1.p, garg1.n);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:2545:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg1, garg1.p, garg1.n);
data/openpace-1.1.0+ds/bindings/java/eac_wrap.c:395:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out, chat->relative_authorization->data, *out_len);
data/openpace-1.1.0+ds/src/cv_cert.c:792:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data, request, request_len);
data/openpace-1.1.0+ds/src/cv_cert.c:793:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + request_len,
data/openpace-1.1.0+ds/src/cv_cert.c:1037:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, ref->data, ref->length);
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:734:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen(filename, "w");
data/openpace-1.1.0+ds/src/cvc-create.c:53:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "wb");
data/openpace-1.1.0+ds/src/cvc-create.c:190:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char authorization[EAC_AT_CHAT_BYTES];
data/openpace-1.1.0+ds/src/cvc-create.c:286:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char authorization[EAC_IS_CHAT_BYTES];
data/openpace-1.1.0+ds/src/cvc-create.c:318:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char authorization[EAC_ST_CHAT_BYTES];
data/openpace-1.1.0+ds/src/cvc-create.c:666:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[80];
data/openpace-1.1.0+ds/src/cvc-create.c:668:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char basename[70];
data/openpace-1.1.0+ds/src/cvc-create.c:759:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(basename, (char *) request->body->certificate_holder_reference->data,
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:246:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile = fopen(filename, "w");
data/openpace-1.1.0+ds/src/cvc_lookup.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cvc_default_dir[PATH_MAX];
data/openpace-1.1.0+ds/src/cvc_lookup.c:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/openpace-1.1.0+ds/src/eac.c:71:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->data, padded->data, m_len);
data/openpace-1.1.0+ds/src/eac.c:138:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_authenticate->data, ssc_buf, l);
data/openpace-1.1.0+ds/src/eac.c:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_authenticate->data + l, data->data, data->length);
data/openpace-1.1.0+ds/src/eac_asn1.c:335:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_txt[32];
data/openpace-1.1.0+ds/src/eac_asn1.c:460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_txt[32];
data/openpace-1.1.0+ds/src/eac_kdf.c:67:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->data, key->data, key->length);
data/openpace-1.1.0+ds/src/eac_kdf.c:68:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->data + key->length, nonce->data, nonce->length);
data/openpace-1.1.0+ds/src/eac_kdf.c:69:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->data + key->length + nonce->length, &counter, sizeof counter);
data/openpace-1.1.0+ds/src/eac_kdf.c:73:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->data, key->data, key->length);
data/openpace-1.1.0+ds/src/eac_kdf.c:74:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->data + key->length, &counter, sizeof counter);
data/openpace-1.1.0+ds/src/eac_util.c:383:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->data, m->data, m->length);
data/openpace-1.1.0+ds/src/eac_util.c:421:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*encoded, p + bn_len - en_len, en_len);
data/openpace-1.1.0+ds/src/eac_util.c:470:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->iv, ivbuf->data, ivbuf->length);
data/openpace-1.1.0+ds/src/eac_util.c:1089:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plain_sig_buf->data, r, rs_max);
data/openpace-1.1.0+ds/src/eac_util.c:1090:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plain_sig_buf->data + rs_max, s, rs_max);
data/openpace-1.1.0+ds/src/eactest.c:2247:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pace_raw[0xff];
data/openpace-1.1.0+ds/src/eactest.c:2325:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, predictable_buffer+i, to_copy);
data/openpace-1.1.0+ds/src/misc.c:199:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, buf, outlen);
data/openpace-1.1.0+ds/src/misc.c:235:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->data, buf, len);
data/openpace-1.1.0+ds/src/misc.c:251:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->data, in->data, in->length);
data/openpace-1.1.0+ds/src/pace_lib.c:179:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cat->data, serial, MRZ_SERIALNUMBER_LEN);
data/openpace-1.1.0+ds/src/pace_lib.c:180:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cat->data + MRZ_SERIALNUMBER_LEN, dob, MRZ_DATEOFBIRTH_LEN);
data/openpace-1.1.0+ds/src/pace_lib.c:181:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cat->data + MRZ_SERIALNUMBER_LEN + MRZ_DATEOFBIRTH_LEN,
data/openpace-1.1.0+ds/src/read_file.c:41:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb");
data/openpace-1.1.0+ds/src/ta.c:108:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data, id_picc->data, id_picc->length);
data/openpace-1.1.0+ds/src/ta.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + id_picc->length, nonce->data, nonce->length);
data/openpace-1.1.0+ds/src/ta.c:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + id_picc->length + nonce->length, pcd_ta_comp_eph_pubkey->data,
data/openpace-1.1.0+ds/src/ta.c:113:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + id_picc->length + nonce->length +
data/openpace-1.1.0+ds/src/ta_lib.c:99:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&eff_tm, utc_tm, sizeof(struct tm));
data/openpace-1.1.0+ds/src/ta_lib.c:113:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&exp_tm, utc_tm, sizeof(struct tm));
data/openpace-1.1.0+ds/src/x509_lookup.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char x509_default_dir[PATH_MAX];
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:482:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "Terminal certificate", *out_len);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:489:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "DV certificate", *out_len);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:496:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "DV certificate", *out_len);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:503:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "CVCA certificate", *out_len);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:532:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*out_len = strlen(terminal_type) + 1;
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:1142:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_swig_go_result = Swig_AllocateString((char*)result, result ? strlen((char*)result) : 0);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:1157:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_swig_go_result = Swig_AllocateString((char*)result, result ? strlen((char*)result) : 0);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:1172:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_swig_go_result = Swig_AllocateString((char*)result, result ? strlen((char*)result) : 0);
data/openpace-1.1.0+ds/bindings/go/eac_wrap.c:1187:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_swig_go_result = Swig_AllocateString((char*)result, result ? strlen((char*)result) : 0);
data/openpace-1.1.0+ds/bindings/java/eac_wrap.c:414:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "Terminal certificate", *out_len);
data/openpace-1.1.0+ds/bindings/java/eac_wrap.c:421:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "DV certificate", *out_len);
data/openpace-1.1.0+ds/bindings/java/eac_wrap.c:428:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "DV certificate", *out_len);
data/openpace-1.1.0+ds/bindings/java/eac_wrap.c:435:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(*out, "CVCA certificate", *out_len);
data/openpace-1.1.0+ds/bindings/java/eac_wrap.c:464:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*out_len = strlen(terminal_type) + 1;
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:397:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(CMDLINE_PARSER_PACKAGE_NAME) ? CMDLINE_PARSER_PACKAGE_NAME : CMDLINE_PARSER_PACKAGE),
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:400:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_versiontext) > 0)
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:407:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_purpose) > 0)
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:410:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_usage) > 0)
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:415:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_description) > 0)
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:533:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0, len = strlen(val); values[i]; ++i)
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:539:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(values[i]) == len)
data/openpace-1.1.0+ds/src/cvc-create-cmdline.c:762:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char*)malloc(strlen(s) + 1);
data/openpace-1.1.0+ds/src/cvc-create.c:355:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hex_len = strlen(hex);
data/openpace-1.1.0+ds/src/cvc-create.c:404:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type_arg_len = strlen(cmdline->type_arg);
data/openpace-1.1.0+ds/src/cvc-create.c:410:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen("at") == type_arg_len
data/openpace-1.1.0+ds/src/cvc-create.c:414:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen("is") == type_arg_len
data/openpace-1.1.0+ds/src/cvc-create.c:418:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen("st") == type_arg_len
data/openpace-1.1.0+ds/src/cvc-create.c:422:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen("derived_from_signer") == type_arg_len
data/openpace-1.1.0+ds/src/cvc-create.c:515:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (out_len != strlen(ascii)) {
data/openpace-1.1.0+ds/src/cvc-create.c:543:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmdline->cert_desc_arg);
data/openpace-1.1.0+ds/src/cvc-create.c:544:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext_len = strlen(TXT_EXT);
data/openpace-1.1.0+ds/src/cvc-create.c:549:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext_len = strlen(HTML_EXT);
data/openpace-1.1.0+ds/src/cvc-create.c:554:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ext_len = strlen(PDF_EXT);
data/openpace-1.1.0+ds/src/cvc-create.c:609:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cmdline->issuer_name_arg)))
data/openpace-1.1.0+ds/src/cvc-create.c:618:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cmdline->issuer_url_arg)))
data/openpace-1.1.0+ds/src/cvc-create.c:627:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cmdline->subject_name_arg)))
data/openpace-1.1.0+ds/src/cvc-create.c:636:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cmdline->subject_url_arg)))
data/openpace-1.1.0+ds/src/cvc-create.c:727:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
car_len = strlen(cmdline.chr_arg);
data/openpace-1.1.0+ds/src/cvc-create.c:751:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned char *) cmdline.chr_arg, strlen(cmdline.chr_arg)))
data/openpace-1.1.0+ds/src/cvc-create.c:753:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(basename, cmdline.chr_arg, (sizeof basename) - 1);
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:108:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(CMDLINE_PARSER_PACKAGE_NAME) ? CMDLINE_PARSER_PACKAGE_NAME : CMDLINE_PARSER_PACKAGE),
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:111:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_versiontext) > 0)
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:118:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_purpose) > 0)
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:121:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_usage) > 0)
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:126:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gengetopt_args_info_description) > 0)
data/openpace-1.1.0+ds/src/cvc-print-cmdline.c:274:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char*)malloc(strlen(s) + 1);
data/openpace-1.1.0+ds/src/cvc_lookup.c:48:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cvc_default_dir, default_dir, (sizeof cvc_default_dir) - 1);
data/openpace-1.1.0+ds/src/cvc_lookup.c:98:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(dir)+1+chr_len+5 > sizeof path)
data/openpace-1.1.0+ds/src/eactest.c:2584:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = PACE_SEC_new(pace_secret.secret, strlen(pace_secret.secret), pace_secret.type);
data/openpace-1.1.0+ds/src/eactest.c:3014:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pace_sec = PACE_SEC_new(tc->password, strlen(tc->password),
data/openpace-1.1.0+ds/src/example.c:30:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secret = PACE_SEC_new(PIN, strlen(PIN), PACE_PIN);
data/openpace-1.1.0+ds/src/x509_lookup.c:47:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(x509_default_dir, default_dir, (sizeof x509_default_dir) - 1);
ANALYSIS SUMMARY:
Hits = 124
Lines analyzed = 25740 in approximately 0.84 seconds (30557 lines/second)
Physical Source Lines of Code (SLOC) = 17838
Hits@level = [0] 91 [1] 52 [2] 53 [3] 2 [4] 17 [5] 0
Hits@level+ = [0+] 215 [1+] 124 [2+] 72 [3+] 19 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 12.0529 [1+] 6.95145 [2+] 4.03633 [3+] 1.06514 [4+] 0.953022 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.