Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/common.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/crc24.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/debug.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gb_proxy.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gb.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gb_parse.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gmm.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gmm_attach.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gmm_fsm.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_llc.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_llc_xid.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_mm_state_gb_fsm.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_mm_state_iu_fsm.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_ranap.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sm.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_comp.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_dcomp.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_pcomp.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_xid.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_subscriber.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_utils.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gtphub.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/sgsn.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/signal.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/slhc.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/v42bis.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/v42bis_private.h Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/vty.h Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_ctrl.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_main.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_peer.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_tlli.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/crc24.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_gb_parse.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_llc_parse.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_utils.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/sgsn_ares.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_sock.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gb.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_attach.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_fsm.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc_vty.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc_xid.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_mm_state_gb_fsm.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_mm_state_iu_fsm.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_comp.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_vty.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_xid.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_auth.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_ctrl.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/v42bis.c Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/gprs/gprs_test.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/sndcp_xid/sndcp_xid_test.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c Examining data/osmo-sgsn-1.6.2+dfsg1/tests/xid/xid_test.c FINAL RESULTS: data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:999:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. l = snprintf(pos, left, args); \ data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:941:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(out_apn_str, selected_apn_str); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:557:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mmctx->ggsn_lookup->apn_str, apn_str); data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:52:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(label "\n"); } data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:293:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(#val " == " fmt "\n", (val)); \ data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:187:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(packet_ascii, packets[i]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_main.c:163:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hd:Dc:sTVe:", data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:431:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random() % 5, random() % 1000000); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:431:20: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random() % 5, random() % 1000000); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:273:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hd:Dc:sTe:r:V", data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c:237:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "hd:Dc:sTVe:", data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c:376:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:1199:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(1); data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_str[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[GSM23003_IMSI_MAX_DIGITS+1]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imei[GSM23003_IMEISV_NUM_DIGITS+1]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msisdn[GSM_EXTENSION_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:229:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hlr[GSM_EXTENSION_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:393:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _buf[INET_ADDRSTRLEN]; \ data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:431:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[OSMO_IMSI_BUF_SIZE]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:441:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_str[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_subscriber.h:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi[GSM23003_IMSI_MAX_DIGITS+1]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_subscriber.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imei[GSM23003_IMEISV_NUM_DIGITS+1]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gtphub.h:431:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_oi_str[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/slhc.h:133:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cs_ipopt[64]; data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/slhc.h:134:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cs_tcpopt[64]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_main.c:189:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str1[110]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:118:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str1[110]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str2[110]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:133:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(apn, peer->cfg->core_apn, peer->cfg->core_apn_size); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:164:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlli_enc, &tlli_be, sizeof(tlli_be)); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:194:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptmsi_enc, &ptmsi_be, sizeof(ptmsi_be)); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:410:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char err_buf[300]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_buf[200]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_tlli.c:272:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(link_info->imsi, imsi, imsi_len); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_tlli.c:404:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_buf[200]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:108:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[500] = {0}; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:159:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int nsei = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:206:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->core_plmn.mcc = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:382:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int nsei = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:423:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->clean_stale_timer_freq = (unsigned int) atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:459:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->tlli_max_age = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:482:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->tlli_max_len = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:519:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->stored_msgs_max_len = (uint32_t) atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:557:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_buf[200]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:609:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const uint16_t nsei = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:610:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const uint16_t bvci = atoi(argv[1]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:633:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const uint16_t nsei = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:704:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const uint16_t nsei = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:711:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_buf[200]; data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:774:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const uint16_t nsei = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:865:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->tlli_max_len = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_gb_parse.c:607:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_buf[200]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[256]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:173:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_str[6]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:183:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *port = atoi(port_str); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:215:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[INET6_ADDRSTRLEN + 1]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:294:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ie->v, gsna->buf, (int)ie_l); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:452:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[17]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:487:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char apn_buf[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1006:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1040:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[512]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1168:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1174:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1180:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2827:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portbuf[16]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2829:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(portbuf, "%u", port); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2861:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->a, res->ai_addr, res->ai_addrlen); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2923:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2958:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dst->a, &src->a, src->l); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi_str[GSM23003_IMSI_MAX_DIGITS+1]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_ni_str[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_oi_str[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:102:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resolved_addr.buf, addr0, hostent->h_length); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:173:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(path, "r"); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:197:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(path, "w"); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:310:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:163:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). b[GTPH_PLANE_CTRL].bind.port = atoi(argv[1]); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:165:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). b[GTPH_PLANE_USER].bind.port = atoi(argv[3]); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:211:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->proxy[GTPH_SIDE_GGSN][GTPH_PLANE_CTRL].port = atoi(argv[1]); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:213:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->proxy[GTPH_SIDE_GGSN][GTPH_PLANE_USER].port = atoi(argv[3]); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:239:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->proxy[GTPH_SIDE_SGSN][GTPH_PLANE_CTRL].port = atoi(argv[1]); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:241:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->proxy[GTPH_SIDE_SGSN][GTPH_PLANE_USER].port = atoi(argv[3]); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix2[p2l]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:480:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_rand + 1, vec->rand, sizeof(vec->rand)); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:616:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, TLVP_VAL(&tp, GSM48_IE_GMM_AUTH_SRES), 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:625:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res+4, TLVP_VAL(&tp, GSM48_IE_GMM_AUTH_RES_EXT), l); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:719:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&msisdn[1], ctx->subscr->sgsn_data->msisdn, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:749:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hlr_number[1], ctx->subscr->sgsn_data->hlr, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1031:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1201:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmsi, mi+1, 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->ms_radio_access_capa.buf, ms_ra_acc_cap, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1243:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->ms_network_capa.buf, msnc, msnc_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1579:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1588:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmsi, mi+1, 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1769:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_string[GSM48_MI_SIZE]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1818:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmsi, mi+1, 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:312:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xid, response, response_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:345:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xid, xid_bytes, xid_bytes_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:395:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dup.qos_profile, qos_profile_default, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:1041:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(llme->kc, mm->auth_triplet.vec.kc, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:1142:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xid, xid_bytes, xid_bytes_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:1179:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xid, xid_bytes, xid_bytes_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc_xid.c:135:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + 1 + xl, xid_field->data, xid_field->data_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_mm_state_iu_fsm.c:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c:73:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->lib->gsnlu.v, &item->transportLayerAddress->buf[3], 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c:77:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->lib->gsnlu.v, item->transportLayerAddress->buf, 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c:209:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ggsn_ip, pdp->lib->gsnru.v, pdp->lib->gsnru.l); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char req_apn_str[GSM_APN_LENGTH] = {0}; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_str[GSM_APN_LENGTH] = { 0, }; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:75:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, packet + 12, 8); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:79:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 12, packet + 20, len - 20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags_debugmsg[256]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:140:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags_debugmsg, "FIN "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:142:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags_debugmsg, "SYN "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:144:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags_debugmsg, "RST "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:146:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags_debugmsg, "PSH "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:148:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags_debugmsg, "ACK "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:150:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(flags_debugmsg, "URG "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dqe->data, data, data_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:308:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, dqe->data, dqe->data_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:331:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(expnd, npdu, npdu_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:597:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, fs->next_byte, len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:825:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(expnd, npdu, npdu_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:57:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buffer->buf_pointer, pkt, len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:68:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buffer->buf_pointer, buf, len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:218:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, data_o, compressed_data.len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:245:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_i, data, len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c:108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_o, data, len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c:117:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, data_o, compr_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c:122:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, data_o, compr_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_xid.c:508:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, payload_bytes, payload_bytes_len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_xid.c:1588:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(comp_field->comp, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:318:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sdata->msisdn, gsup_msg->msisdn_enc, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:330:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sdata->hlr, gsup_msg->hlr_enc, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:386:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pdp_data->qos_subscribed[0], pdp_info->qos_enc, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_auth.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mccmnc[16]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:117:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cdr_file = fopen(inst->cfg.cdr.filename, "a"); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:138:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(eua_addr, "ETSI"); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:148:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(eua_addr, "Unknown address"); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apni[(pdp->lib ? pdp->lib->apn_use.l : 0) + 1]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ggsn_addr[INET_ADDRSTRLEN]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sgsn_addr[INET_ADDRSTRLEN]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eua_addr[INET6_ADDRSTRLEN]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:227:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cdr_file = fopen(inst->cfg.cdr.filename, "a"); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->msisdn.v, mmctx->subscr->sgsn_data->msisdn, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->msisdn.v, dummy_msisdn, pdp->msisdn.l); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:192:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->eua.v, TLVP_VAL(tp, OSMO_IE_GSM_REQ_PDP_ADDR), data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:203:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), pdp->apn_use.l); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:213:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT), data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:233:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pdp->qos_req.v[1], qos, pdp->qos_req.l - 1); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:238:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->qos_req.v, qos, pdp->qos_req.l); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:247:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->gsnlc.v, &sgsn->cfg.gtp_listenaddr.sin_addr, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:255:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->gsnlu.v, &sgsn->cfg.gtp_listenaddr.sin_addr, data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:466:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdp->lib->gsnlu.v, addr, alen); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:655:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ud, packet, len); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c:267:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_set_log_level(osmo_stderr_target, atoi(optarg)); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:139:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[INET6_ADDRSTRLEN + 10]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:150:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "IPv4 "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:156:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(str, "IPv6 "); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:340:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t id = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:353:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t id = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:355:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t port = atoi(argv[1]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:365:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t id = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:368:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[1])) data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:383:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t id = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:386:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ggc->echo_interval = atoi(argv[1]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:402:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t id = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:470:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return add_apn_ggsn_mapping(vty, argv[0], "", atoi(argv[1])); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:483:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return add_apn_ggsn_mapping(vty, argv[0], argv[1], atoi(argv[2])); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:503:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apnbuf[APN_MAXLEN + 1]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imsi_sanitized[GSM23003_IMSI_MAX_DIGITS + 1]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:754:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expire_time[200]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:917:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). const int cksn = atoi(argv[1]) - 1; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1157:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->gsup_server_port = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1170:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->oap.client_id = (uint16_t)atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1307:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->cdr.interval = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1331:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->pcomp_rfc1144.s01 = atoi(argv[0]) - 1; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1383:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->dcomp_v42bis.p1 = atoi(argv[1]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1384:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->dcomp_v42bis.p2 = atoi(argv[2]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1405:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_cfg->iu.cs7_instance = atoi(argv[0]); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:99:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr,&val,sizeof(val)); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:256:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char new_seq[16]; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:516:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cs->cs_ip,ip,20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:517:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cs->cs_tcp,th,20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:544:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp,new_seq,deltaS); /* Write list of deltas */ data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:545:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp+deltaS,icp+hlen,isize-hlen); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:556:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cs->cs_ip,ip,20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:557:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cs->cs_tcp,th,20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:559:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cs->cs_ipopt, ip+1, ((ip->ihl) - 5) * 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:561:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cs->cs_tcpopt, th+1, ((th->doff) - 5) * 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:564:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ocp, icp, isize); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:698:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, ip, 20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:702:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, cs->cs_ipopt, (ip->ihl - 5) * 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:709:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, thp, 20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:713:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, cs->cs_tcpopt, ((thp->doff) - 5) * 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:765:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cs->cs_ip,icp,20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:766:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cs->cs_tcp,icp + ihl*4,20); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:768:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cs->cs_ipopt, icp + sizeof(struct iphdr), (ihl - 5) * 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:770:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cs->cs_tcpopt, icp + ihl*4 + sizeof(struct tcphdr), (cs->cs_tcp.doff - 5) * 4); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/v42bis.c:108:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->output_buf[s->output_octet_count], &buf[i], chunk); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/v42bis.c:116:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->output_buf[s->output_octet_count], &buf[i], chunk); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:78:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &val, num); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:161:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mi_buf[200]; data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:476:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[12] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:495:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[9] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:511:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[1] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:521:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[1] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:531:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[1] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:541:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[1] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:553:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[4096] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:561:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + 4, bssgp_msg, bssgp_msg_size); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:574:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[4096] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:593:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + 23, llc_msg, llc_msg_size); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:606:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[4096] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:629:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + bssgp_msg_size, racap_drx, sizeof(racap_drx)); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:637:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + bssgp_msg_size + 2, imsi, imsi_size); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:658:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + bssgp_msg_size, llc_msg, llc_msg_size); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:671:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[18] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:688:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char msg[5] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:705:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[15] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:726:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[18] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:774:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msg[100] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:787:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + bssgp_msg_size + 2, imsi, imsi_size); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:791:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + bssgp_msg_size, drx_ie, sizeof(drx_ie)); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:801:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + bssgp_msg_size, qos_ie, sizeof(qos_ie)); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:808:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg + bssgp_msg_size + 2, &ptmsi_be, 4); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:856:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char llc_msg[4096] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:873:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(llc_msg + 3, msg, msg_size); data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:894:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char llc_msg[4096] = { data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:911:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(llc_msg + 3, msg, msg_size); data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:217:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4096]; data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:378:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolve_ggsn_got_imsi[GSM23003_IMSI_MAX_DIGITS+1]; data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:379:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolve_ggsn_got_ni[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:563:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:638:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4096]; data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:178:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, data, len); data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:449:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->l2h, data, data_len); data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:1451:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apn_str[GSM_APN_LENGTH]; data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:72:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_o, data_i, len); data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:86:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data_o, data_i, len); data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:133:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, packet + 12, 8); data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:137:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 12, packet + 20, len - 20); data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packet_ascii[2048]; data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:129:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, packet + 12, 8); data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:133:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 12, packet + 20, len - 20); data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:174:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buffer->buf_pointer, pkt, len); data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:201:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output_buffer->buf_pointer, buf, len); data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:243:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uncompressed_original, testvec, len); data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:278:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). apn_len = strlen(apn); data/osmo-sgsn-1.6.2+dfsg1/src/gprs/sgsn_ares.c:84:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static void setup_ares_osmo_fd(void *data, int fd, int read, int write) data/osmo-sgsn-1.6.2+dfsg1/src/gprs/sgsn_ares.c:122:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:169:18: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). int umask_was = umask(022); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:207:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(umask_was); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:214:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(umask_was); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:222:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(umask_was); data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:325:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int p2l = strlen(prefix) + 4 + 1; data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:841:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(ctx->imei)) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:846:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(ctx->imsi)) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1058:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ctx->imsi) == 0) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_attach.c:51:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strlen(ctx->imsi)) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_attach.c:109:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (type == GSM_MI_TYPE_IMEI && !strlen(ctx->imsi)) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:647:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_req_len = strlen(name); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:653:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). imsi_ref_len = strlen(actx->imsi_prefix); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:666:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_ref_len = strlen(name_ref_start); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:670:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_ref_len = strlen(name_ref_start); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:885:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(req_apn_str) == 0 && !allow_any_apn) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:922:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen(req_apn_str) != 0) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:954:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (selected_apn_str == NULL || strlen(selected_apn_str) == 0)) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:545:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(apn_str) == 0) data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:206:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gsup_msg->imsi) == 0 && subscr) data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_auth.c:126:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(mmctx->imsi)) { data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_ctrl.c:41:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mm->imsi) == 0) data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:115:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int imsi_len = strlen(str); data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:249:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(actx->imsi_prefix) > 0) data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:774:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gsub->imei) > 0) data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1185:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((!k) || (strlen(k) == 0)) data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1220:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((!opc) || (strlen(opc) == 0)) data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:540:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(hex); data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:541:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int m = strlen(dump); data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:186:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). OSMO_ASSERT(strlen(packets[i]) < sizeof(packet_ascii)); data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:318:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(uncompr_packets[packet_id]); data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:343:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(compr_packets[packet_id]); ANALYSIS SUMMARY: Hits = 289 Lines analyzed = 40267 in approximately 1.06 seconds (37897 lines/second) Physical Source Lines of Code (SLOC) = 28976 Hits@level = [0] 334 [1] 34 [2] 242 [3] 7 [4] 6 [5] 0 Hits@level+ = [0+] 623 [1+] 289 [2+] 255 [3+] 13 [4+] 6 [5+] 0 Hits/KSLOC@level+ = [0+] 21.5006 [1+] 9.97377 [2+] 8.80039 [3+] 0.448647 [4+] 0.207068 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.