Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/debug.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_codec.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_common.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_conn.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_endp.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_internal.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_msg.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_sdp.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_stat.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/osmux.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/vty.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_endpoint_fsm.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_fsm.h Examining data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_internal.h Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_vty.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/g711common.h Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_conn.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_endp.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_stat.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c Examining data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c Examining data/osmo-mgw-1.7.0+dfsg1/src/osmo-mgw/mgw_main.c Examining data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c Examining data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c FINAL RESULTS: data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:346:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(line, A_PTIME "%u", &r->ptime) != 1) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:352:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(line, A_RTPMAP "%d %63s", &pt, codec_resp) != 2) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:315:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. rc = vsnprintf(ep->endpoint, sizeof(ep->endpoint), endpoint_str_fmt ? : "", ap); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:353:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(ci->label, sizeof(ci->label), label_fmt, ap); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:141:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str_ptr, sdp); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:201:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str_ptr, sdp); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_stat.c:96:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. nchars = snprintf(str, str_len, data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:586:9: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. len = sprintf((char *)msg->data, str, conn_id, conn_id); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:588:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. len = sprintf((char *)msg->data, "%s", str); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:719:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(exp_resp_patched, exp_resp, conn_id, conn_id); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:478:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (random() % rtp_ssrc_winlen), data/osmo-mgw-1.7.0+dfsg1/src/osmo-mgw/mgw_main.c:107:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hc:sVD", long_options, &option_index); data/osmo-mgw-1.7.0+dfsg1/src/osmo-mgw/mgw_main.c:325:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp.h:278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char domain[255+1]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_internal.h:233:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[MGCP_CONN_ID_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp/mgcp_internal.h:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endpoint_domain_name[MGCP_ENDPOINT_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[MGCP_COMMENT_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_id[MGCP_CONN_ID_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endpoint[MGCP_ENDPOINT_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char audio_ip[INET_ADDRSTRLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client.h:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endpoint[MGCP_ENDPOINT_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_fsm.h:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET_ADDRSTRLEN]; data/osmo-mgw-1.7.0+dfsg1/include/osmocom/mgcp_client/mgcp_client_fsm.h:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endpoint[MGCP_ENDPOINT_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:63:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_buf[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:339:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codec_resp[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:517:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_string[4]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:879:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char endpoint[MGCP_ENDPOINT_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1053:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_ip[INET_ADDRSTRLEN]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mgcp_ci_str[MGCP_CONN_ID_LENGTH]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endpoint[MGCP_ENDPOINT_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:179:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_endpoint_fsm.c:220:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char osmo_mgcpc_ep_fsm_event_name_bufs[32][32] = {}; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_id[MGCP_CONN_ID_MAXLEN]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:172:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mgcp_msg.param, &mgcp_ctx->conn_peer_local.param, sizeof(mgcp_ctx->conn_peer_local.param)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:727:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_vty.c:63:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). global_mgcp_client_conf->local_port = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_vty.c:96:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). global_mgcp_client_conf->remote_port = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:28:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[256]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char audio_codec[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codec_name[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_conn.c:348:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[sizeof(conn->name)+sizeof(conn->id)+256]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:39:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char line[80]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:147:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&out.sin_addr, addr, sizeof(*addr)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:962:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_sink[RTP_BUF_SIZE]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:1348:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RTP_BUF_SIZE]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:1487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[512]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_network.c:1489:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_ip_addr[INET_ADDRSTRLEN]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:54:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&out.sin_addr, &handle->rem_addr, sizeof(handle->rem_addr)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:179:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->data, buf, buf_len); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_osmux.c:310:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(osmux_cid, &msg->data[1], sizeof(*osmux_cid)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:206:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, endp->last_response, msgb_l2len(msg)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:310:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_ip_addr[INET_ADDRSTRLEN]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:594:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codec[17]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:811:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_name[512]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1294:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stats[1048]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1741:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MGCP_ENDPOINT_MAXLEN + 128]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1764:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MGCP_ENDPOINT_MAXLEN + 128]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:99:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char audio_codec[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char audio_name[64]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipv4[16]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:360:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int trunkidx = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:402:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int port = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:432:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:433:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end = atoi(argv[1]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:518:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int dscp = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:534:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->force_ptime = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:584:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int payload = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:652:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->trunk.audio_loop = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:662:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->trunk.force_realloc = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:672:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->trunk.rtp_accept_all = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:682:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->trunk.vty_number_endpoints = atoi(argv[0]) + 1; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:761:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mgcp_trunk_set_keepalive(&g_cfg->trunk, atoi(argv[0])); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:801:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int index = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:894:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int payload = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:930:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trunk->audio_loop = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1059:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mgcp_trunk_set_keepalive(trunk, atoi(argv[0])); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1111:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trunk = find_trunk(g_cfg, atoi(argv[0])); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1114:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[0]), VTY_NEWLINE); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1132:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int loop = atoi(argv[2]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1170:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trunk = find_trunk(g_cfg, atoi(argv[0])); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1173:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[0]), VTY_NEWLINE); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1211:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tap->forward.sin_port = htons(atoi(argv[5])); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1223:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trunk = find_trunk(g_cfg, atoi(argv[0])); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1226:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[0]), VTY_NEWLINE); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1256:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). trunk = find_trunk(g_cfg, atoi(argv[0])); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1259:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[0]), VTY_NEWLINE); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1335:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->osmux_batch = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1344:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->osmux_batch_size = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_vty.c:1352:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->osmux_port = atoi(argv[0]); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:615:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (len == 1 && ((const char *)buf)[0] == MGCP_DUMMY_LOAD) { data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:704:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exp_resp_patched[4096]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:706:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_id[256]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_conn_id[256]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:895:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_conn_id[256]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:963:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_id[256]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:1271:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:1369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_id[256]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:82:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char compose[4096 - 128]; data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char audio_ip_overflow[5000]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:72:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(buf); i++) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:251:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t line_len = strlen(line); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:375:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) < 16) data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:521:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) < 4) data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:559:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data = talloc_zero_size(r, strlen(r->body)+1); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:562:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). osmo_strlcpy(data, r->body, strlen(r->body)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:602:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp("Osmux: ", line + 2, strlen("Osmux: ")) == 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:698:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(fd->fd, msg->data, 4096 - 128); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1085:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mgcp_msg->audio_ip) <= 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1197:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mgcp_msg->endpoint) <= 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client.c:1223:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mgcp_msg->conn_id) <= 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:292:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(r->head.endpoint) > 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:524:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mgcp_ctx->conn_id)) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp-client/mgcp_client_fsm.c:680:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(conn_peer->endpoint) && strcmp(conn_peer->endpoint, mgcp_ctx->conn_peer_remote.endpoint)) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_codec.c:182:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(audio_name) >= sizeof(audio_codec)) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_conn.c:67:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (k = 0; k < strlen(id_hex); k++) data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:63:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((const char *)line)) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:258:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(MGCP_ENDPOINT_PREFIX_VIRTUAL_TRUNK)) == 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:260:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mgcp + strlen(MGCP_ENDPOINT_PREFIX_VIRTUAL_TRUNK); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:390:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t line_len = strlen(line); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:452:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(conn_id) == 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:459:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(conn_id) > (MGCP_CONN_ID_MAXLEN-1)) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_msg.c:462:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(conn_id), MGCP_CONN_ID_MAXLEN-1, conn_id); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:205:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg->l2h = msgb_put(msg, strlen(endp->last_response)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:529:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char **)talloc_zero_size(ctx, strlen(options) * sizeof(char *)); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:555:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(lco_identifier) == 0) data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:599:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(options) == 0) data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:628:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(codec); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:778:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(line, MGCP_X_OSMO_IGN_HEADER, strlen(MGCP_X_OSMO_IGN_HEADER))) data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:780:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line += strlen(MGCP_X_OSMO_IGN_HEADER); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:839:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp("Osmux: ", line + 2, strlen("Osmux: ")) == 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_protocol.c:1122:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp("Osmux: ", line + 2, strlen("Osmux: ")) == 0) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:139:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = talloc_zero_size(ctx, strlen(sdp) + 1); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:199:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = talloc_zero_size(ctx, strlen(sdp) + 1); data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:231:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimiter = str_ptr[strlen(str_ptr) - 1]; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:233:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_ptr[strlen(str_ptr) - 1] = '\0'; data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:315:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "a=rtpmap:%d %63s", &payload, audio_name) == 2) { data/osmo-mgw-1.7.0+dfsg1/src/libosmo-mgcp/mgcp_sdp.c:355:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "c=IN IP4 %15s", ipv4) == 1) { data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:585:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (conn_id && strlen(conn_id)) data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:677:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn_id_start += strlen(header_I); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:680:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn_id_start += strlen(header_o); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:688:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn_id_len = strlen(conn_id_start); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp/mgcp_test.c:696:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(conn_id, conn_id_start, conn_id_len); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:49:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(head); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:57:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(params); data/osmo-mgw-1.7.0+dfsg1/tests/mgcp_client/mgcp_client_test.c:68:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int l = strlen(str); ANALYSIS SUMMARY: Hits = 150 Lines analyzed = 15612 in approximately 0.63 seconds (24648 lines/second) Physical Source Lines of Code (SLOC) = 11034 Hits@level = [0] 209 [1] 46 [2] 91 [3] 3 [4] 10 [5] 0 Hits@level+ = [0+] 359 [1+] 150 [2+] 104 [3+] 13 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 32.5358 [1+] 13.5943 [2+] 9.42541 [3+] 1.17818 [4+] 0.90629 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.