Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/common.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/crc24.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/debug.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gb_proxy.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gb.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gb_parse.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gmm.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gmm_attach.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_gmm_fsm.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_llc.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_llc_xid.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_mm_state_gb_fsm.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_mm_state_iu_fsm.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_ranap.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sm.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_comp.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_dcomp.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_pcomp.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sndcp_xid.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_subscriber.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_utils.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gtphub.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/sgsn.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/signal.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/slhc.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/v42bis.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/v42bis_private.h
Examining data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/vty.h
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_ctrl.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_main.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_peer.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_tlli.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/crc24.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_gb_parse.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_llc_parse.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_utils.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gprs/sgsn_ares.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_sock.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gb.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_attach.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_fsm.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc_vty.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc_xid.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_mm_state_gb_fsm.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_mm_state_iu_fsm.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_comp.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_vty.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_xid.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_auth.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_ctrl.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/v42bis.c
Examining data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/gprs/gprs_test.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/sndcp_xid/sndcp_xid_test.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c
Examining data/osmo-sgsn-1.6.2+dfsg1/tests/xid/xid_test.c
FINAL RESULTS:
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:999:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l = snprintf(pos, left, args); \
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:941:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out_apn_str, selected_apn_str);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:557:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mmctx->ggsn_lookup->apn_str, apn_str);
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:52:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(label "\n"); }
data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:293:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(#val " == " fmt "\n", (val)); \
data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:187:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(packet_ascii, packets[i]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_main.c:163:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hd:Dc:sTVe:",
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:431:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random() % 5, random() % 1000000);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:431:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random() % 5, random() % 1000000);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:273:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hd:Dc:sTe:r:V",
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c:237:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "hd:Dc:sTVe:",
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c:376:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:1199:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(1);
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_str[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:121:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM23003_IMSI_MAX_DIGITS+1];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei[GSM23003_IMEISV_NUM_DIGITS+1];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msisdn[GSM_EXTENSION_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hlr[GSM_EXTENSION_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _buf[INET_ADDRSTRLEN]; \
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[OSMO_IMSI_BUF_SIZE];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_sgsn.h:441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_str[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_subscriber.h:15:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi[GSM23003_IMSI_MAX_DIGITS+1];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gprs_subscriber.h:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imei[GSM23003_IMEISV_NUM_DIGITS+1];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/gtphub.h:431:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_oi_str[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/slhc.h:133:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cs_ipopt[64];
data/osmo-sgsn-1.6.2+dfsg1/include/osmocom/sgsn/slhc.h:134:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cs_tcpopt[64];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_main.c:189:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[110];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[110];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str2[110];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(apn, peer->cfg->core_apn, peer->cfg->core_apn_size);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:164:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tlli_enc, &tlli_be, sizeof(tlli_be));
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptmsi_enc, &ptmsi_be, sizeof(ptmsi_be));
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:410:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char err_buf[300];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_patch.c:439:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_buf[200];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_tlli.c:272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(link_info->imsi, imsi, imsi_len);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_tlli.c:404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_buf[200];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:108:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[500] = {0};
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:159:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int nsei = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:206:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->core_plmn.mcc = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:382:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned int nsei = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:423:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->clean_stale_timer_freq = (unsigned int) atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:459:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->tlli_max_age = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:482:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->tlli_max_len = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:519:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->stored_msgs_max_len = (uint32_t) atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:557:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_buf[200];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:609:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const uint16_t nsei = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:610:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const uint16_t bvci = atoi(argv[1]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:633:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const uint16_t nsei = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:704:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const uint16_t nsei = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:711:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_buf[200];
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:774:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const uint16_t nsei = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:865:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->tlli_max_len = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/gprs/gprs_gb_parse.c:607:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_buf[200];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_str[256];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[6];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:183:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*port = atoi(port_str);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:215:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[INET6_ADDRSTRLEN + 1];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:294:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ie->v, gsna->buf, (int)ie_l);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:452:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[17];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:487:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char apn_buf[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1006:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1040:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[512];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1168:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1174:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:1180:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2827:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portbuf[16];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2829:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(portbuf, "%u", port);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2861:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&addr->a, res->ai_addr, res->ai_addrlen);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2923:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub.c:2958:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst->a, &src->a, src->l);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi_str[GSM23003_IMSI_MAX_DIGITS+1];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_ni_str[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_oi_str[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_ares.c:102:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resolved_addr.buf, addr0, hostent->h_length);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:173:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(path, "r");
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:197:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(path, "w");
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:310:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:163:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b[GTPH_PLANE_CTRL].bind.port = atoi(argv[1]);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:165:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b[GTPH_PLANE_USER].bind.port = atoi(argv[3]);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:211:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->proxy[GTPH_SIDE_GGSN][GTPH_PLANE_CTRL].port = atoi(argv[1]);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:213:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->proxy[GTPH_SIDE_GGSN][GTPH_PLANE_USER].port = atoi(argv[3]);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:239:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->proxy[GTPH_SIDE_SGSN][GTPH_PLANE_CTRL].port = atoi(argv[1]);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:241:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->proxy[GTPH_SIDE_SGSN][GTPH_PLANE_USER].port = atoi(argv[3]);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:326:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix2[p2l];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:480:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_rand + 1, vec->rand, sizeof(vec->rand));
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:616:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, TLVP_VAL(&tp, GSM48_IE_GMM_AUTH_SRES), 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:625:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res+4, TLVP_VAL(&tp, GSM48_IE_GMM_AUTH_RES_EXT), l);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:719:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&msisdn[1], ctx->subscr->sgsn_data->msisdn,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:749:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hlr_number[1], ctx->subscr->sgsn_data->hlr,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1031:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmsi, mi+1, 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1240:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->ms_radio_access_capa.buf, ms_ra_acc_cap,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->ms_network_capa.buf, msnc, msnc_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1579:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1588:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmsi, mi+1, 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1769:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_string[GSM48_MI_SIZE];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1818:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmsi, mi+1, 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:312:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xid, response, response_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:345:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xid, xid_bytes, xid_bytes_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:395:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dup.qos_profile, qos_profile_default,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:1041:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(llme->kc, mm->auth_triplet.vec.kc,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:1142:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xid, xid_bytes, xid_bytes_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc.c:1179:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xid, xid_bytes, xid_bytes_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_llc_xid.c:135:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + 1 + xl, xid_field->data, xid_field->data_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_mm_state_iu_fsm.c:25:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c:73:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->lib->gsnlu.v, &item->transportLayerAddress->buf[3], 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c:77:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->lib->gsnlu.v, item->transportLayerAddress->buf, 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_ranap.c:209:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ggsn_ip, pdp->lib->gsnru.v, pdp->lib->gsnru.l);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:858:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char req_apn_str[GSM_APN_LENGTH] = {0};
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_str[GSM_APN_LENGTH] = { 0, };
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:423:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, packet + 12, 8);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 12, packet + 20, len - 20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags_debugmsg[256];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:140:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flags_debugmsg, "FIN ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:142:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flags_debugmsg, "SYN ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:144:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flags_debugmsg, "RST ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:146:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flags_debugmsg, "PSH ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:148:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flags_debugmsg, "ACK ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:150:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(flags_debugmsg, "URG ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:240:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dqe->data, data, data_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, dqe->data, dqe->data_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:331:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expnd, npdu, npdu_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:597:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, fs->next_byte, len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp.c:825:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expnd, npdu, npdu_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:57:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output_buffer->buf_pointer, pkt, len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:68:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output_buffer->buf_pointer, buf, len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:218:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, data_o, compressed_data.len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_dcomp.c:245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_i, data, len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c:108:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_o, data, len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, data_o, compr_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_pcomp.c:122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, data_o, compr_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_xid.c:508:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, payload_bytes, payload_bytes_len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sndcp_xid.c:1588:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comp_field->comp,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:318:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sdata->msisdn, gsup_msg->msisdn_enc,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:330:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sdata->hlr, gsup_msg->hlr_enc,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:386:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdp_data->qos_subscribed[0], pdp_info->qos_enc,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_auth.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mccmnc[16];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:117:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cdr_file = fopen(inst->cfg.cdr.filename, "a");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:138:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(eua_addr, "ETSI");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:148:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(eua_addr, "Unknown address");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apni[(pdp->lib ? pdp->lib->apn_use.l : 0) + 1];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ggsn_addr[INET_ADDRSTRLEN];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgsn_addr[INET_ADDRSTRLEN];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eua_addr[INET6_ADDRSTRLEN];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_cdr.c:227:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cdr_file = fopen(inst->cfg.cdr.filename, "a");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->msisdn.v, mmctx->subscr->sgsn_data->msisdn,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:185:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->msisdn.v, dummy_msisdn, pdp->msisdn.l);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:192:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->eua.v, TLVP_VAL(tp, OSMO_IE_GSM_REQ_PDP_ADDR),
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:203:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->apn_use.v, TLVP_VAL(tp, GSM48_IE_GSM_APN), pdp->apn_use.l);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->pco_req.v, TLVP_VAL(tp, GSM48_IE_GSM_PROTO_CONF_OPT),
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:233:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pdp->qos_req.v[1], qos, pdp->qos_req.l - 1);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:238:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->qos_req.v, qos, pdp->qos_req.l);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->gsnlc.v, &sgsn->cfg.gtp_listenaddr.sin_addr,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:255:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->gsnlu.v, &sgsn->cfg.gtp_listenaddr.sin_addr,
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:466:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pdp->lib->gsnlu.v, addr, alen);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:655:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ud, packet, len);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_main.c:267:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
log_set_log_level(osmo_stderr_target, atoi(optarg));
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:139:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[INET6_ADDRSTRLEN + 10];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:150:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "IPv4 ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:156:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "IPv6 ");
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:340:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t id = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:353:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t id = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:355:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint16_t port = atoi(argv[1]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:365:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t id = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:368:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(argv[1]))
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:383:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t id = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:386:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ggc->echo_interval = atoi(argv[1]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:402:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t id = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:470:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return add_apn_ggsn_mapping(vty, argv[0], "", atoi(argv[1]));
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:483:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return add_apn_ggsn_mapping(vty, argv[0], argv[1], atoi(argv[2]));
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:503:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apnbuf[APN_MAXLEN + 1];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:653:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char imsi_sanitized[GSM23003_IMSI_MAX_DIGITS + 1];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expire_time[200];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:917:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int cksn = atoi(argv[1]) - 1;
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1157:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->gsup_server_port = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1170:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->oap.client_id = (uint16_t)atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1307:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->cdr.interval = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1331:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->pcomp_rfc1144.s01 = atoi(argv[0]) - 1;
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1383:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->dcomp_v42bis.p1 = atoi(argv[1]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1384:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->dcomp_v42bis.p2 = atoi(argv[2]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1405:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_cfg->iu.cs7_instance = atoi(argv[0]);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr,&val,sizeof(val));
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:256:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char new_seq[16];
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:516:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cs->cs_ip,ip,20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:517:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cs->cs_tcp,th,20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:544:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp,new_seq,deltaS); /* Write list of deltas */
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:545:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp+deltaS,icp+hlen,isize-hlen);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:556:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cs->cs_ip,ip,20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:557:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cs->cs_tcp,th,20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:559:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->cs_ipopt, ip+1, ((ip->ihl) - 5) * 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:561:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->cs_tcpopt, th+1, ((th->doff) - 5) * 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:564:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ocp, icp, isize);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:698:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, ip, 20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:702:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, cs->cs_ipopt, (ip->ihl - 5) * 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:709:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, thp, 20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:713:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cp, cs->cs_tcpopt, ((thp->doff) - 5) * 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:765:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cs->cs_ip,icp,20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:766:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cs->cs_tcp,icp + ihl*4,20);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:768:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->cs_ipopt, icp + sizeof(struct iphdr), (ihl - 5) * 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/slhc.c:770:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cs->cs_tcpopt, icp + ihl*4 + sizeof(struct tcphdr), (cs->cs_tcp.doff - 5) * 4);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/v42bis.c:108:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->output_buf[s->output_octet_count], &buf[i], chunk);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/v42bis.c:116:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s->output_buf[s->output_octet_count], &buf[i], chunk);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:78:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &val, num);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:161:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mi_buf[200];
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:476:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[12] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:495:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[9] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:511:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[1] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:521:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[1] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:531:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[1] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:541:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[1] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:553:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[4096] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:561:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + 4, bssgp_msg, bssgp_msg_size);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:574:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[4096] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:593:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + 23, llc_msg, llc_msg_size);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:606:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[4096] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:629:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + bssgp_msg_size, racap_drx, sizeof(racap_drx));
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:637:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + bssgp_msg_size + 2, imsi, imsi_size);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:658:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + bssgp_msg_size, llc_msg, llc_msg_size);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:671:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[18] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:688:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char msg[5] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:705:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[15] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:726:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[18] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:774:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[100] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:787:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + bssgp_msg_size + 2, imsi, imsi_size);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:791:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + bssgp_msg_size, drx_ie, sizeof(drx_ie));
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:801:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + bssgp_msg_size, qos_ie, sizeof(qos_ie));
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:808:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg + bssgp_msg_size + 2, &ptmsi_be, 4);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:856:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char llc_msg[4096] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:873:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(llc_msg + 3, msg, msg_size);
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:894:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char llc_msg[4096] = {
data/osmo-sgsn-1.6.2+dfsg1/tests/gbproxy/gbproxy_test.c:911:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(llc_msg + 3, msg, msg_size);
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096];
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:378:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolve_ggsn_got_imsi[GSM23003_IMSI_MAX_DIGITS+1];
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:379:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolve_ggsn_got_ni[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:638:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[4096];
data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, data, len);
data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:449:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->l2h, data, data_len);
data/osmo-sgsn-1.6.2+dfsg1/tests/sgsn/sgsn_test.c:1451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char apn_str[GSM_APN_LENGTH];
data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:72:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_o, data_i, len);
data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_o, data_i, len);
data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, packet + 12, 8);
data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 12, packet + 20, len - 20);
data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet_ascii[2048];
data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, packet + 12, 8);
data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:133:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 12, packet + 20, len - 20);
data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:174:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output_buffer->buf_pointer, pkt, len);
data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:201:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output_buffer->buf_pointer, buf, len);
data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uncompressed_original, testvec, len);
data/osmo-sgsn-1.6.2+dfsg1/src/gbproxy/gb_proxy_vty.c:278:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
apn_len = strlen(apn);
data/osmo-sgsn-1.6.2+dfsg1/src/gprs/sgsn_ares.c:84:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void setup_ares_osmo_fd(void *data, int fd, int read, int write)
data/osmo-sgsn-1.6.2+dfsg1/src/gprs/sgsn_ares.c:122:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read)
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:169:18: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
int umask_was = umask(022);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:207:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(umask_was);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:214:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(umask_was);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_main.c:222:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(umask_was);
data/osmo-sgsn-1.6.2+dfsg1/src/gtphub/gtphub_vty.c:325:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int p2l = strlen(prefix) + 4 + 1;
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:841:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(ctx->imei)) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:846:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(ctx->imsi)) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm.c:1058:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ctx->imsi) == 0) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_attach.c:51:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (!strlen(ctx->imsi)) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_gmm_attach.c:109:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (type == GSM_MI_TYPE_IMEI && !strlen(ctx->imsi)) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:647:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_req_len = strlen(name);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:653:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
imsi_ref_len = strlen(actx->imsi_prefix);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:666:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_ref_len = strlen(name_ref_start);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:670:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_ref_len = strlen(name_ref_start);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:885:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(req_apn_str) == 0 && !allow_any_apn) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:922:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(req_apn_str) != 0) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sgsn.c:954:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(selected_apn_str == NULL || strlen(selected_apn_str) == 0)) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_sm.c:545:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(apn_str) == 0)
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/gprs_subscriber.c:206:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gsup_msg->imsi) == 0 && subscr)
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_auth.c:126:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(mmctx->imsi)) {
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_ctrl.c:41:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mm->imsi) == 0)
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_libgtp.c:115:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int imsi_len = strlen(str);
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:249:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(actx->imsi_prefix) > 0)
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:774:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gsub->imei) > 0)
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1185:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!k) || (strlen(k) == 0))
data/osmo-sgsn-1.6.2+dfsg1/src/sgsn/sgsn_vty.c:1220:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!opc) || (strlen(opc) == 0))
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:540:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(hex);
data/osmo-sgsn-1.6.2+dfsg1/tests/gtphub/gtphub_test.c:541:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int m = strlen(dump);
data/osmo-sgsn-1.6.2+dfsg1/tests/slhc/slhc_test.c:186:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OSMO_ASSERT(strlen(packets[i]) < sizeof(packet_ascii));
data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:318:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uncompr_packets[packet_id]);
data/osmo-sgsn-1.6.2+dfsg1/tests/v42bis/v42bis_test.c:343:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(compr_packets[packet_id]);
ANALYSIS SUMMARY:
Hits = 289
Lines analyzed = 40267 in approximately 1.06 seconds (37897 lines/second)
Physical Source Lines of Code (SLOC) = 28976
Hits@level = [0] 334 [1] 34 [2] 242 [3] 7 [4] 6 [5] 0
Hits@level+ = [0+] 623 [1+] 289 [2+] 255 [3+] 13 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 21.5006 [1+] 9.97377 [2+] 8.80039 [3+] 0.448647 [4+] 0.207068 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.