Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/debug.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_codec.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_common.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_conn.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_endp.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_internal.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_msg.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_sdp.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_stat.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/osmux.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/vty.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_endpoint_fsm.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_fsm.h
Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_internal.h
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_vty.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/g711common.h
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_conn.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_endp.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_stat.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c
Examining data/osmo-mgw-1.7.0+dfsg1/src/osmo-mgw/mgw_main.c
Examining data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c
Examining data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c
FINAL RESULTS:
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:346:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(line, A_PTIME "%u", &r->ptime) != 1) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:352:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(line, A_RTPMAP "%d %63s", &pt, codec_resp) != 2) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:315:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = vsnprintf(ep->endpoint, sizeof(ep->endpoint), endpoint_str_fmt ? : "", ap);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:353:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(ci->label, sizeof(ci->label), label_fmt, ap);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:141:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str_ptr, sdp);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:201:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str_ptr, sdp);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_stat.c:96:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
nchars = snprintf(str, str_len,
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:586:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf((char *)msg->data, str, conn_id, conn_id);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:588:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
len = sprintf((char *)msg->data, "%s", str);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:719:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(exp_resp_patched, exp_resp, conn_id, conn_id);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:478:13: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() % rtp_ssrc_winlen),
data/osmo-mgw-1.7.0+dfsg1/src/osmo-mgw/mgw_main.c:107:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hc:sVD", long_options, &option_index);
data/osmo-mgw-1.7.0+dfsg1/src/osmo-mgw/mgw_main.c:325:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp.h:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain[255+1];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_internal.h:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[MGCP_CONN_ID_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_internal.h:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endpoint_domain_name[MGCP_ENDPOINT_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[MGCP_COMMENT_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn_id[MGCP_CONN_ID_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endpoint[MGCP_ENDPOINT_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_ip[INET_ADDRSTRLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endpoint[MGCP_ENDPOINT_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_fsm.h:18:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[INET_ADDRSTRLEN];
data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_fsm.h:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endpoint[MGCP_ENDPOINT_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_buf[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codec_resp[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:517:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label_string[4];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:879:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char endpoint[MGCP_ENDPOINT_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1053:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_ip[INET_ADDRSTRLEN];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mgcp_ci_str[MGCP_CONN_ID_LENGTH];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char endpoint[MGCP_ENDPOINT_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:179:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:220:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char osmo_mgcpc_ep_fsm_event_name_bufs[32][32] = {};
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn_id[MGCP_CONN_ID_MAXLEN];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:172:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mgcp_msg.param, &mgcp_ctx->conn_peer_local.param, sizeof(mgcp_ctx->conn_peer_local.param));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:727:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_vty.c:63:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_mgcp_client_conf->local_port = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_vty.c:96:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
global_mgcp_client_conf->remote_port = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[256];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_codec[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codec_name[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_conn.c:348:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[sizeof(conn->name)+sizeof(conn->id)+256];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:39:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char line[80];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:147:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out.sin_addr, addr, sizeof(*addr));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:962:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_sink[RTP_BUF_SIZE];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:1348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RTP_BUF_SIZE];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:1487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[512];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:1489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_ip_addr[INET_ADDRSTRLEN];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:54:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out.sin_addr, &handle->rem_addr, sizeof(handle->rem_addr));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->data, buf, buf_len);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(osmux_cid, &msg->data[1], sizeof(*osmux_cid));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, endp->last_response, msgb_l2len(msg));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:310:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_ip_addr[INET_ADDRSTRLEN];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:594:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char codec[17];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn_name[512];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stats[1048];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1741:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MGCP_ENDPOINT_MAXLEN + 128];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MGCP_ENDPOINT_MAXLEN + 128];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_codec[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_name[64];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipv4[16];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:360:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int trunkidx = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:402:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int port = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:432:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:433:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end = atoi(argv[1]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:518:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int dscp = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:534:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->force_ptime = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:584:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int payload = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:652:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->trunk.audio_loop = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:662:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->trunk.force_realloc = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:672:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->trunk.rtp_accept_all = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:682:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->trunk.vty_number_endpoints = atoi(argv[0]) + 1;
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:761:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgcp_trunk_set_keepalive(&g_cfg->trunk, atoi(argv[0]));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:801:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int index = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:894:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int payload = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:930:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk->audio_loop = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1059:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgcp_trunk_set_keepalive(trunk, atoi(argv[0]));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1111:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1114:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1132:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int loop = atoi(argv[2]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1170:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1173:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1211:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tap->forward.sin_port = htons(atoi(argv[5]));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1223:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1226:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1256:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunk = find_trunk(g_cfg, atoi(argv[0]));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1259:4: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argv[0]), VTY_NEWLINE);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1335:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->osmux_batch = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1344:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->osmux_batch_size = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1352:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->osmux_port = atoi(argv[0]);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:615:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (len == 1 && ((const char *)buf)[0] == MGCP_DUMMY_LOAD) {
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:704:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exp_resp_patched[4096];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:706:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn_id[256];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_conn_id[256];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last_conn_id[256];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:963:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn_id[256];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:1271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:1369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conn_id[256];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:82:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char compose[4096 - 128];
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_ip_overflow[5000];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:72:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(buf); i++) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:251:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t line_len = strlen(line);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:375:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 16)
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:521:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) < 4)
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:559:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data = talloc_zero_size(r, strlen(r->body)+1);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:562:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
osmo_strlcpy(data, r->body, strlen(r->body));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:602:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp("Osmux: ", line + 2, strlen("Osmux: ")) == 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:698:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd->fd, msg->data, 4096 - 128);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1085:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mgcp_msg->audio_ip) <= 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1197:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mgcp_msg->endpoint) <= 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1223:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mgcp_msg->conn_id) <= 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:292:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(r->head.endpoint) > 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:524:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mgcp_ctx->conn_id)) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:680:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(conn_peer->endpoint) && strcmp(conn_peer->endpoint, mgcp_ctx->conn_peer_remote.endpoint)) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:182:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(audio_name) >= sizeof(audio_codec)) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_conn.c:67:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen(id_hex); k++)
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:63:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((const char *)line)) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:258:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(MGCP_ENDPOINT_PREFIX_VIRTUAL_TRUNK)) == 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:260:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mgcp + strlen(MGCP_ENDPOINT_PREFIX_VIRTUAL_TRUNK);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:390:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t line_len = strlen(line);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:452:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(conn_id) == 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:459:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(conn_id) > (MGCP_CONN_ID_MAXLEN-1)) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:462:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(conn_id), MGCP_CONN_ID_MAXLEN-1, conn_id);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:205:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg->l2h = msgb_put(msg, strlen(endp->last_response));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:529:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char **)talloc_zero_size(ctx, strlen(options) * sizeof(char *));
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:555:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lco_identifier) == 0)
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:599:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(options) == 0)
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:628:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(codec);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:778:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(line, MGCP_X_OSMO_IGN_HEADER, strlen(MGCP_X_OSMO_IGN_HEADER)))
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:780:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line += strlen(MGCP_X_OSMO_IGN_HEADER);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:839:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp("Osmux: ", line + 2, strlen("Osmux: ")) == 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1122:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp("Osmux: ", line + 2, strlen("Osmux: ")) == 0) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:139:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = talloc_zero_size(ctx, strlen(sdp) + 1);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:199:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = talloc_zero_size(ctx, strlen(sdp) + 1);
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:231:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delimiter = str_ptr[strlen(str_ptr) - 1];
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:233:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_ptr[strlen(str_ptr) - 1] = '\0';
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:315:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "a=rtpmap:%d %63s", &payload, audio_name) == 2) {
data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:355:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(line, "c=IN IP4 %15s", ipv4) == 1) {
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:585:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (conn_id && strlen(conn_id))
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:677:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn_id_start += strlen(header_I);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:680:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn_id_start += strlen(header_o);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:688:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conn_id_len = strlen(conn_id_start);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:696:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(conn_id, conn_id_start, conn_id_len);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:49:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(head);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:57:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(params);
data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:68:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int l = strlen(str);
ANALYSIS SUMMARY:
Hits = 150
Lines analyzed = 15612 in approximately 0.63 seconds (24648 lines/second)
Physical Source Lines of Code (SLOC) = 11034
Hits@level = [0] 209 [1] 46 [2] 91 [3] 3 [4] 10 [5] 0
Hits@level+ = [0+] 359 [1+] 150 [2+] 104 [3+] 13 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 32.5358 [1+] 13.5943 [2+] 9.42541 [3+] 1.17818 [4+] 0.90629 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.