Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pixiewps-1.4.2/src/config.h
Examining data/pixiewps-1.4.2/src/crypto/crypto_internal-modexp.c
Examining data/pixiewps-1.4.2/src/crypto/hmac_sha256.c
Examining data/pixiewps-1.4.2/src/crypto/tc/aes.c
Examining data/pixiewps-1.4.2/src/crypto/tc/aes_cbc.c
Examining data/pixiewps-1.4.2/src/crypto/tc/aes_cbc.h
Examining data/pixiewps-1.4.2/src/crypto/tc/aes_tab.c
Examining data/pixiewps-1.4.2/src/crypto/tc/sha256.c
Examining data/pixiewps-1.4.2/src/crypto/tc/tomcrypt.h
Examining data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_argchk.h
Examining data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cfg.h
Examining data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h
Examining data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_custom.h
Examining data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h
Examining data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_macros.h
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_2expt.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_add.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_cmp.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_cmp_d.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_cmp_mag.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_count_bits.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_div.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_div_2.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_div_2d.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_exptmod.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_invmod.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_lshd.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mod.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mod_2d.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_montgomery_calc_normalization.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_montgomery_reduce.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_montgomery_setup.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_2.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_2d.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_20.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_24.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_28.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_32.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_48.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_64.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_d.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_mulmod.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_read_unsigned_bin.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_reverse.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_rshd.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_set.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_20.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_24.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_28.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_32.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_48.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_64.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_generic.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_sub.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_to_unsigned_bin.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/fp_unsigned_bin_size.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/s_fp_add.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/s_fp_sub.c
Examining data/pixiewps-1.4.2/src/crypto/tfm/tfm.h
Examining data/pixiewps-1.4.2/src/crypto/tfm/tfm_private.h
Examining data/pixiewps-1.4.2/src/endianness.h
Examining data/pixiewps-1.4.2/src/pixiewps.c
Examining data/pixiewps-1.4.2/src/pixiewps.h
Examining data/pixiewps-1.4.2/src/random/glibc_random.c
Examining data/pixiewps-1.4.2/src/random/glibc_random_lazy.c
Examining data/pixiewps-1.4.2/src/random/glibc_random_old.c
Examining data/pixiewps-1.4.2/src/random/glibc_random_yura.c
Examining data/pixiewps-1.4.2/src/utils.h
Examining data/pixiewps-1.4.2/src/version.h
Examining data/pixiewps-1.4.2/src/wps.h
FINAL RESULTS:
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_macros.h:441:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_macros.h:441:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/pixiewps-1.4.2/src/pixiewps.c:438:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pin_copy, wps->pin);
data/pixiewps-1.4.2/src/pixiewps.c:443:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(wps->pin, pin_copy);
data/pixiewps-1.4.2/src/pixiewps.c:622:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, v_usage, SHORT_VERSION,
data/pixiewps-1.4.2/src/pixiewps.c:698:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, usage, SHORT_VERSION, argv[0], wps->error);
data/pixiewps-1.4.2/src/pixiewps.h:51:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUG_PRINT(fmt, args...) do { printf("\n [DEBUG] %s:%4d:%s(): " fmt, \
data/pixiewps-1.4.2/src/pixiewps.c:489:8: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, option_string, long_options, &long_index);
data/pixiewps-1.4.2/src/pixiewps.c:687:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
opt = getopt_long(argc, argv, option_string, long_options, &long_index);
data/pixiewps-1.4.2/src/crypto/tc/aes_cbc.c:60:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[16];
data/pixiewps-1.4.2/src/crypto/tc/aes_cbc.c:120:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[16];
data/pixiewps-1.4.2/src/crypto/tc/aes_cbc.c:124:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, tmp, left);
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:37:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char K[33][16];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:77:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char S[32], start;
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:90:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:91:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:123:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[10];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:264:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE],
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:282:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:296:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:318:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctr[MAXBLOCKSIZE],
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:334:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[16],
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:347:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char PC[16][256][16];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:362:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE],
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:999:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kstream[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:1019:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kstream[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:1045:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[80];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:1069:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[16]; /* last keystream block containing unused bytes */
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_cipher.h:1086:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_custom.h:33:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define XMEMCPY memcpy
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_custom.h:60:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sb[25 * 8]; /* used for storing `ulong64 s[25]` as little-endian bytes */
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:27:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:35:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:43:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:51:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:73:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chksum[16], X[48], buf[16];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:81:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:89:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:97:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:113:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:121:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:131:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:143:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/pixiewps-1.4.2/src/crypto/tc/tomcrypt_hash.h:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[1];
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_20.c:9:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 20 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_20.c:10:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+20, B->dp, 20 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_24.c:9:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 24 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_24.c:10:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+24, B->dp, 24 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_28.c:9:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 28 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_28.c:10:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+28, B->dp, 28 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_32.c:11:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 32 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_32.c:12:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+32, B->dp, 32 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_48.c:11:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 48 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_48.c:12:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+48, B->dp, 48 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_64.c:11:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 64 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_64.c:12:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+64, B->dp, 64 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:11:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 1 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:12:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+1, B->dp, 1 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:27:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 2 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:28:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+2, B->dp, 2 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:51:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 3 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:52:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+3, B->dp, 3 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:83:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 4 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:84:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+4, B->dp, 4 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:123:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 5 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:124:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+5, B->dp, 5 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:171:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 6 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:172:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+6, B->dp, 6 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:227:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 7 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:228:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+7, B->dp, 7 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:291:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 8 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:292:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+8, B->dp, 8 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:363:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 9 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:364:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+9, B->dp, 9 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:443:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 10 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:444:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+10, B->dp, 10 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:531:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 11 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:532:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+11, B->dp, 11 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:627:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 12 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:628:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+12, B->dp, 12 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:731:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 13 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:732:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+13, B->dp, 13 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:843:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 14 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:844:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+14, B->dp, 14 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:963:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 15 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:964:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+15, B->dp, 15 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:1091:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at, A->dp, 16 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_mul_comba_small_set.c:1092:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(at+16, B->dp, 16 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_20.c:216:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 40 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_24.c:256:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 48 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_28.c:296:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 56 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_32.c:336:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 64 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_48.c:496:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 96 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_64.c:656:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 128 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:27:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 2 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:56:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 4 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:95:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 6 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:144:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 8 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:203:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 10 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:272:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 12 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:351:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 14 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:440:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 16 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:539:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 18 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:648:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 20 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:767:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 22 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:896:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 24 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:1035:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 26 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:1184:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 28 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:1343:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 30 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/fp_sqr_comba_small_set.c:1512:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(B->dp, b, 32 * sizeof(fp_digit));
data/pixiewps-1.4.2/src/crypto/tfm/tfm.h:361:51: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define fp_copy(a, b) (void)(((a) != (b)) && memcpy((b), (a), sizeof(fp_int)))
data/pixiewps-1.4.2/src/pixiewps.c:212:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char testnonce[16] = {0};
data/pixiewps-1.4.2/src/pixiewps.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_control.randr_enonce, wps->e_nonce, WPS_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:378:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
be = end_htobe32(word0 >> 1); memcpy(ptr, &be, sizeof be);
data/pixiewps-1.4.2/src/pixiewps.c:379:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
be = end_htobe32(word1 >> 1); memcpy(ptr + 4, &be, sizeof be);
data/pixiewps-1.4.2/src/pixiewps.c:380:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
be = end_htobe32(word2 >> 1); memcpy(ptr + 8, &be, sizeof be);
data/pixiewps-1.4.2/src/pixiewps.c:381:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
be = end_htobe32(word3 >> 1); memcpy(ptr + 12, &be, sizeof be);
data/pixiewps-1.4.2/src/pixiewps.c:396:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pin[WPS_PIN_LEN + 1];
data/pixiewps-1.4.2/src/pixiewps.c:402:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_control.wps->e_s1, nonce_buf, sizeof nonce_buf);
data/pixiewps-1.4.2/src/pixiewps.c:403:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_control.wps->pin, pin, sizeof pin);
data/pixiewps-1.4.2/src/pixiewps.c:411:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_control.wps->e_s1, nonce_buf, sizeof nonce_buf);
data/pixiewps-1.4.2/src/pixiewps.c:412:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(job_control.wps->pin, pin, sizeof pin);
data/pixiewps-1.4.2/src/pixiewps.c:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pin[WPS_PIN_LEN + 1];
data/pixiewps-1.4.2/src/pixiewps.c:428:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->e_s1, nonce_buf, sizeof nonce_buf);
data/pixiewps-1.4.2/src/pixiewps.c:429:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->pin, pin, sizeof pin);
data/pixiewps-1.4.2/src/pixiewps.c:437:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pin_copy[WPS_PIN_LEN + 1];
data/pixiewps-1.4.2/src/pixiewps.c:603:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[30];
data/pixiewps-1.4.2/src/pixiewps.c:749:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, wps->e_nonce, WPS_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:750:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_NONCE_LEN, wps->e_bssid, WPS_BSSID_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:751:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_NONCE_LEN + WPS_BSSID_LEN, wps->r_nonce, WPS_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:758:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->authkey, buffer, WPS_AUTHKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:759:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->wrapkey, buffer + WPS_AUTHKEY_LEN, WPS_KEYWRAPKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:760:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->emsk, buffer + WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN, WPS_EMSK_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:794:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->e_s1, vtag->data, WPS_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:802:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->e_s2, vtag->data, WPS_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:828:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, vtag->data, WPS_TAG_KEYWRAP_AUTH_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:848:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, vtag->data, tag_size);
data/pixiewps-1.4.2/src/pixiewps.c:860:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, vtag->data, tag_size);
data/pixiewps-1.4.2/src/pixiewps.c:1046:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, wps->e_nonce, WPS_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1047:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_NONCE_LEN, wps->e_bssid, WPS_BSSID_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1048:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_NONCE_LEN + WPS_BSSID_LEN, wps->r_nonce, WPS_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1057:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->authkey, buffer, WPS_AUTHKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1062:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->wrapkey, buffer + WPS_AUTHKEY_LEN, WPS_KEYWRAPKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1063:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->emsk, buffer + WPS_AUTHKEY_LEN + WPS_KEYWRAPKEY_LEN, WPS_EMSK_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1109:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->e_s1, wps->e_nonce, WPS_SECRET_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1110:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->e_s2, wps->e_nonce, WPS_SECRET_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1231:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->e_s1, wps->e_nonce, WPS_SECRET_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1232:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->e_s2, wps->e_nonce, WPS_SECRET_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1260:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[30];
data/pixiewps-1.4.2/src/pixiewps.c:1416:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[30];
data/pixiewps-1.4.2/src/pixiewps.c:1557:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int check_pin_half(const struct hmac_ctx *hctx, const char pinhalf[4], uint8_t *psk, const uint8_t *es, struct global *wps, const uint8_t *ehash)
data/pixiewps-1.4.2/src/pixiewps.c:1563:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, es, WPS_SECRET_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1564:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_SECRET_NONCE_LEN, psk, WPS_PSK_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1565:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_SECRET_NONCE_LEN + WPS_PSK_LEN, wps->pke, WPS_PKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1566:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_SECRET_NONCE_LEN + WPS_PSK_LEN + WPS_PKEY_LEN, wps->pkr, WPS_PKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1578:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, es, WPS_SECRET_NONCE_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1579:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_SECRET_NONCE_LEN, wps->empty_psk, WPS_PSK_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1580:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_SECRET_NONCE_LEN + WPS_PSK_LEN, wps->pke, WPS_PKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1581:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + WPS_SECRET_NONCE_LEN + WPS_PSK_LEN + WPS_PKEY_LEN, wps->pkr, WPS_PKEY_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1594:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->psk1, wps->empty_psk, WPS_HASH_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1607:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->psk1, psk, sizeof psk);
data/pixiewps-1.4.2/src/pixiewps.c:1619:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->psk2, wps->empty_psk, WPS_HASH_LEN);
data/pixiewps-1.4.2/src/pixiewps.c:1623:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned second_half, first_half = atoi(pin);
data/pixiewps-1.4.2/src/pixiewps.c:1635:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->psk2, psk, sizeof psk);
data/pixiewps-1.4.2/src/pixiewps.c:1650:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wps->psk2, psk, sizeof psk);
data/pixiewps-1.4.2/src/pixiewps.h:69:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *p_mode_name[MODE_LEN + 1] = { "", "RT/MT/CL", "eCos simple", "RTL819x", "eCos simplest", "eCos Knuth" };
data/pixiewps-1.4.2/src/pixiewps.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pin[WPS_PIN_LEN + 1];
data/pixiewps-1.4.2/src/utils.h:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_month[3];
data/pixiewps-1.4.2/src/utils.h:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_year[5];
data/pixiewps-1.4.2/src/wps.h:114:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &be, sizeof(uint32_t));
data/pixiewps-1.4.2/src/wps.h:115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + sizeof(uint32_t), kdf_salt, sizeof(kdf_salt));
data/pixiewps-1.4.2/src/wps.h:117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + sizeof(uint32_t) + sizeof(kdf_salt), &be, sizeof(uint32_t));
data/pixiewps-1.4.2/src/wps.h:142:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(decrypted, encr + block_size, encr_len - block_size);
data/pixiewps-1.4.2/src/pixiewps.c:1624:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *s_pin = pin + strlen(pin);
data/pixiewps-1.4.2/src/utils.h:29:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(in);
data/pixiewps-1.4.2/src/utils.h:66:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(in);
data/pixiewps-1.4.2/src/utils.h:117:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, o = 0, len = strlen(in);
data/pixiewps-1.4.2/src/utils.h:178:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = strlen(s);
ANALYSIS SUMMARY:
Hits = 182
Lines analyzed = 19473 in approximately 1.02 seconds (19053 lines/second)
Physical Source Lines of Code (SLOC) = 13560
Hits@level = [0] 98 [1] 5 [2] 168 [3] 2 [4] 7 [5] 0
Hits@level+ = [0+] 280 [1+] 182 [2+] 177 [3+] 9 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 20.649 [1+] 13.4218 [2+] 13.0531 [3+] 0.663717 [4+] 0.516224 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.