Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tcpcrypt-0.5/unix/linux/priv.c
Examining data/tcpcrypt-0.5/unix/priv.c
Examining data/tcpcrypt-0.5/launchers/winlauncher/resource.h
Examining data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c
Examining data/tcpcrypt-0.5/launchers/TcpcryptLauncher/Classes/TcpcryptLauncherAppDelegate.h
Examining data/tcpcrypt-0.5/launchers/TcpcryptLauncher/Classes/TCTcpcryptController.h
Examining data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c
Examining data/tcpcrypt-0.5/win/priv.c
Examining data/tcpcrypt-0.5/include/tcpcrypt/tcpcrypt.h
Examining data/tcpcrypt-0.5/contrib/rijndael-alg-fst.c
Examining data/tcpcrypt-0.5/contrib/rijndael-alg-fst.h
Examining data/tcpcrypt-0.5/contrib/win_port.h
Examining data/tcpcrypt-0.5/contrib/cmac.c
Examining data/tcpcrypt-0.5/contrib/ocb.c
Examining data/tcpcrypt-0.5/contrib/cmac.h
Examining data/tcpcrypt-0.5/contrib/rijndael-alg-fst-ni.c
Examining data/tcpcrypt-0.5/contrib/umac.c
Examining data/tcpcrypt-0.5/contrib/ocb.h
Examining data/tcpcrypt-0.5/contrib/umac.h
Examining data/tcpcrypt-0.5/lib/sockopt.c
Examining data/tcpcrypt-0.5/shared/socket_address.h
Examining data/tcpcrypt-0.5/shared/socket_address.c
Examining data/tcpcrypt-0.5/util/tcnetstat.c
Examining data/tcpcrypt-0.5/util/tcs.c
Examining data/tcpcrypt-0.5/tests/hmac.c
Examining data/tcpcrypt-0.5/src/checksum.c
Examining data/tcpcrypt-0.5/src/crypto_reg.c
Examining data/tcpcrypt-0.5/src/linux.c
Examining data/tcpcrypt-0.5/src/inc.h
Examining data/tcpcrypt-0.5/src/profile.h
Examining data/tcpcrypt-0.5/src/crypto_dummy.c
Examining data/tcpcrypt-0.5/src/crypto_rsa.c
Examining data/tcpcrypt-0.5/src/priv.h
Examining data/tcpcrypt-0.5/src/crypto_ecdhe.c
Examining data/tcpcrypt-0.5/src/tcpcryptd.h
Examining data/tcpcrypt-0.5/src/resource.h
Examining data/tcpcrypt-0.5/src/tcpcryptd.c
Examining data/tcpcrypt-0.5/src/tcpcrypt.h
Examining data/tcpcrypt-0.5/src/cygwin.c
Examining data/tcpcrypt-0.5/src/profile.c
Examining data/tcpcrypt-0.5/src/util.c
Examining data/tcpcrypt-0.5/src/crypto_hkdf.c
Examining data/tcpcrypt-0.5/src/checksum.h
Examining data/tcpcrypt-0.5/src/test.h
Examining data/tcpcrypt-0.5/src/freebsd.c
Examining data/tcpcrypt-0.5/src/unix.c
Examining data/tcpcrypt-0.5/src/crypto_hmac.c
Examining data/tcpcrypt-0.5/src/crypto_aes.c
Examining data/tcpcrypt-0.5/src/mingw.c
Examining data/tcpcrypt-0.5/src/tcpcrypt_divert.h
Examining data/tcpcrypt-0.5/src/test.c
Examining data/tcpcrypt-0.5/src/crypto.h
Examining data/tcpcrypt-0.5/src/tcpcrypt_ctl.h
Examining data/tcpcrypt-0.5/src/rdr.c
Examining data/tcpcrypt-0.5/src/tcpcrypt.c
Examining data/tcpcrypt-0.5/src/util.h
Examining data/tcpcrypt-0.5/src/crypto.c
Examining data/tcpcrypt-0.5/src/tcpcrypt_strings.h
Examining data/tcpcrypt-0.5/src/crypto_umac.c
FINAL RESULTS:
data/tcpcrypt-0.5/src/tcpcryptd.c:923:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(path, 0777) != 0)
data/tcpcrypt-0.5/contrib/win_port.h:151:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tcpcrypt-0.5/contrib/win_port.h:162:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tcpcrypt-0.5/contrib/win_port.h:175:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tcpcrypt-0.5/contrib/win_port.h:188:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:36:7: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(ipfw_cmds[i]))
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:72:6: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execl(tcpcryptd, "tcpcryptd", "-e", "-u", ":65531", NULL) == -1)
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:128:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system(cmd))
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:69:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:286:19: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (((long long) ShellExecute(NULL, (LPCTSTR) "open",
data/tcpcrypt-0.5/shared/socket_address.c:85:4: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(error, error_len, __VA_ARGS__); \
data/tcpcrypt-0.5/shared/socket_address.c:91:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = snprintf(error, error_len, __VA_ARGS__); \
data/tcpcrypt-0.5/src/crypto.c:23:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_init(int sz)
data/tcpcrypt-0.5/src/crypto.c:25:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c = xmalloc(sizeof(*c));
data/tcpcrypt-0.5/src/crypto.h:22:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt {
data/tcpcrypt-0.5/src/crypto.h:24:27: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
void (*c_destroy)(struct crypt *c);
data/tcpcrypt-0.5/src/crypto.h:25:26: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int (*c_set_key)(struct crypt *c, void *key, int len);
data/tcpcrypt-0.5/src/crypto.h:26:26: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int (*c_get_key)(struct crypt *c, void **out);
data/tcpcrypt-0.5/src/crypto.h:27:23: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
void (*c_mac)(struct crypt *, const struct iovec *iov, int num, void *out,
data/tcpcrypt-0.5/src/crypto.h:29:27: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
void (*c_extract)(struct crypt *c, struct iovec *iov, int num,
data/tcpcrypt-0.5/src/crypto.h:31:26: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
void (*c_expand)(struct crypt *c, void *tag, int taglen,
data/tcpcrypt-0.5/src/crypto.h:33:30: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int (*c_encrypt)(struct crypt *c, void *iv, void *data, int len);
data/tcpcrypt-0.5/src/crypto.h:34:26: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int (*c_decrypt)(struct crypt *c, void *iv, void *data, int len);
data/tcpcrypt-0.5/src/crypto.h:35:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int (*c_aead_encrypt)(struct crypt *c, void *iv, void *aad,
data/tcpcrypt-0.5/src/crypto.h:37:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int (*c_aead_decrypt)(struct crypt *c, void *iv, void *aad,
data/tcpcrypt-0.5/src/crypto.h:39:30: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
int (*c_compute_key)(struct crypt *c, void *out);
data/tcpcrypt-0.5/src/crypto.h:42:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_HMAC_SHA256_new(void);
data/tcpcrypt-0.5/src/crypto.h:43:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_HKDF_SHA256_new(void);
data/tcpcrypt-0.5/src/crypto.h:44:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_AES128_new(void);
data/tcpcrypt-0.5/src/crypto.h:45:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_AES256_new(void);
data/tcpcrypt-0.5/src/crypto.h:46:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_RSA_new(void);
data/tcpcrypt-0.5/src/crypto.h:47:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_ECDHE256_new(void);
data/tcpcrypt-0.5/src/crypto.h:48:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_ECDHE521_new(void);
data/tcpcrypt-0.5/src/crypto.h:50:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
extern struct crypt *crypt_init(int sz);
data/tcpcrypt-0.5/src/crypto.h:54:41: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline void crypt_destroy(struct crypt *c)
data/tcpcrypt-0.5/src/crypto.h:59:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline int crypt_set_key(struct crypt *c, void *key, int len)
data/tcpcrypt-0.5/src/crypto.h:64:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline int crypt_get_key(struct crypt *c, void **out)
data/tcpcrypt-0.5/src/crypto.h:69:37: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline void crypt_mac(struct crypt *c, struct iovec *iov, int num,
data/tcpcrypt-0.5/src/crypto.h:75:39: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline void *crypt_priv(struct crypt *c)
data/tcpcrypt-0.5/src/crypto.h:80:41: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline void crypt_extract(struct crypt *c, struct iovec *iov, int num,
data/tcpcrypt-0.5/src/crypto.h:86:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline void crypt_expand(struct crypt *c, void *tag, int taglen,
data/tcpcrypt-0.5/src/crypto.h:92:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline int crypt_encrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto.h:97:40: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline int crypt_decrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto.h:102:44: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static inline int crypt_compute_key(struct crypt *c, void *out)
data/tcpcrypt-0.5/src/crypto.h:120:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *cp_hkdf;
data/tcpcrypt-0.5/src/crypto.h:121:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *cp_pub;
data/tcpcrypt-0.5/src/crypto.h:142:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *cs_cipher;
data/tcpcrypt-0.5/src/crypto.h:143:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *cs_mac;
data/tcpcrypt-0.5/src/crypto.h:144:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *cs_ack_mac;
data/tcpcrypt-0.5/src/crypto_aes.c:26:27: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void do_aes(struct crypt *c, void *iv, void *data, int len, int enc)
data/tcpcrypt-0.5/src/crypto_aes.c:123:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int aes_encrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto_aes.c:130:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int aes_decrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto_aes.c:137:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int aes_set_key(struct crypt *c, void *key, int len)
data/tcpcrypt-0.5/src/crypto_aes.c:149:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void aes_ack_mac(struct crypt *c, const struct iovec *iov, int num, void *out,
data/tcpcrypt-0.5/src/crypto_aes.c:165:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void aes_destroy(struct crypt *c)
data/tcpcrypt-0.5/src/crypto_aes.c:175:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int aes_aead_encrypt(struct crypt *c, void *iv, void *aad, int aadlen,
data/tcpcrypt-0.5/src/crypto_aes.c:208:36: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int aes_aead_decrypt(struct crypt *c, void *iv, void *aad, int aadlen,
data/tcpcrypt-0.5/src/crypto_aes.c:239:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static struct crypt *crypt_AES_new(const EVP_CIPHER *evp)
data/tcpcrypt-0.5/src/crypto_aes.c:242:16: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c;
data/tcpcrypt-0.5/src/crypto_aes.c:270:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_AES128_new(void)
data/tcpcrypt-0.5/src/crypto_aes.c:275:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_AES256_new(void)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:30:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int set_peer_key(struct crypt *c, void *key, int len)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:57:34: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void ecdhe_destroy(struct crypt *c)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:77:37: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int ecdhe_compute_key(struct crypt *c, void *out)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:87:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int ecdhe_encrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:102:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int ecdhe_decrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:119:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int ecdhe_get_key(struct crypt *c, void **out)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:128:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int ecdhe_set_key(struct crypt *c, void *key, int len)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:133:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static struct crypt *crypt_ECDHE_new(int nid)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:136:16: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c;
data/tcpcrypt-0.5/src/crypto_ecdhe.c:173:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_ECDHE256_new(void)
data/tcpcrypt-0.5/src/crypto_ecdhe.c:178:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_ECDHE521_new(void)
data/tcpcrypt-0.5/src/crypto_hkdf.c:20:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *hk_hmac;
data/tcpcrypt-0.5/src/crypto_hkdf.c:23:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void hkdf_destroy(struct crypt *c)
data/tcpcrypt-0.5/src/crypto_hkdf.c:35:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int hkdf_set_key(struct crypt *c, void *data, int len)
data/tcpcrypt-0.5/src/crypto_hkdf.c:44:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void hkdf_extract(struct crypt *c, struct iovec *iov, int num,
data/tcpcrypt-0.5/src/crypto_hkdf.c:52:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void hkdf_expand(struct crypt *c, void *tag, int taglen, void *out,
data/tcpcrypt-0.5/src/crypto_hkdf.c:86:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_HKDF_SHA256_new(void)
data/tcpcrypt-0.5/src/crypto_hkdf.c:89:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c;
data/tcpcrypt-0.5/src/crypto_hmac.c:44:33: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void hmac_destroy(struct crypt *c)
data/tcpcrypt-0.5/src/crypto_hmac.c:56:29: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void hmac_mac(struct crypt *c, const struct iovec *iov, int num,
data/tcpcrypt-0.5/src/crypto_hmac.c:92:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int hmac_set_key(struct crypt *c, void *key, int len)
data/tcpcrypt-0.5/src/crypto_hmac.c:104:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_HMAC_SHA256_new(void)
data/tcpcrypt-0.5/src/crypto_hmac.c:107:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c;
data/tcpcrypt-0.5/src/crypto_reg.c:18:48: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static struct crypt_pub *ECDHE_HKDF_new(struct crypt*(*ctr)(void), int klen)
data/tcpcrypt-0.5/src/crypto_reg.c:46:45: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static struct crypt_sym *AES_GCM_new(struct crypt*(*ctr)(void), int mlen,
data/tcpcrypt-0.5/src/crypto_rsa.c:76:32: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static void rsa_destroy(struct crypt *c)
data/tcpcrypt-0.5/src/crypto_rsa.c:92:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int rsa_encrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto_rsa.c:111:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int rsa_decrypt(struct crypt *c, void *iv, void *data, int len)
data/tcpcrypt-0.5/src/crypto_rsa.c:134:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int rsa_get_key(struct crypt *c, void **out)
data/tcpcrypt-0.5/src/crypto_rsa.c:145:31: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static int rsa_set_key(struct crypt *c, void *key, int len)
data/tcpcrypt-0.5/src/crypto_rsa.c:169:8: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *crypt_RSA_new(void)
data/tcpcrypt-0.5/src/crypto_rsa.c:172:16: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c;
data/tcpcrypt-0.5/src/profile.c:168:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, "%" PRIu64, s->u.s_tsc);
data/tcpcrypt-0.5/src/rdr.c:164:12: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!(f = popen(buf, "r")))
data/tcpcrypt-0.5/src/tcpcrypt.c:1552:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c = tc->tc_key_active->tc_alg_tx->cs_cipher;
data/tcpcrypt-0.5/src/tcpcrypt.c:2658:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c = tc->tc_key_active->tc_alg_rx->cs_cipher;
data/tcpcrypt-0.5/src/tcpcryptd.c:1032:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tcpcrypt-0.5/src/tcpcryptd.c:1062:9: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt, ap);
data/tcpcrypt-0.5/src/test.c:23:15: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
static struct crypt *setup_cipher(int type, int id, int mac)
data/tcpcrypt-0.5/src/test.c:29:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *ci;
data/tcpcrypt-0.5/src/test.c:69:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c;
data/tcpcrypt-0.5/src/test.c:104:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt *c;
data/tcpcrypt-0.5/src/test.c:159:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, inet_ntoa(ip->ip_src));
data/tcpcrypt-0.5/tests/hmac.c:89:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
struct crypt* c = NULL;
data/tcpcrypt-0.5/util/tcnetstat.c:56:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(src, "%s:%d", inet_ntoa(n->tn_sip), ntohs(n->tn_sport));
data/tcpcrypt-0.5/util/tcnetstat.c:57:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dst, "%s:%d", inet_ntoa(n->tn_dip), ntohs(n->tn_dport));
data/tcpcrypt-0.5/util/tcs.c:207:9: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
crypt,
data/tcpcrypt-0.5/src/tcpcrypt.c:4148:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/tcpcrypt-0.5/src/tcpcryptd.c:1175:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc, argv, "hp:vdu:camnPt:T:S:Dx:NC:M:r:Rifs:VU:J:e"))
data/tcpcrypt-0.5/unix/priv.c:34:7: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(dir) < 0)
data/tcpcrypt-0.5/contrib/cmac.c:64:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k1[EVP_MAX_BLOCK_LENGTH];
data/tcpcrypt-0.5/contrib/cmac.c:65:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k2[EVP_MAX_BLOCK_LENGTH];
data/tcpcrypt-0.5/contrib/cmac.c:67:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tbl[EVP_MAX_BLOCK_LENGTH];
data/tcpcrypt-0.5/contrib/cmac.c:69:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char last_block[EVP_MAX_BLOCK_LENGTH];
data/tcpcrypt-0.5/contrib/cmac.c:127:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH];
data/tcpcrypt-0.5/contrib/cmac.c:183:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
data/tcpcrypt-0.5/contrib/cmac.c:203:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->last_block, data, dlen);
data/tcpcrypt-0.5/contrib/ocb.c:60:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char block[16];
data/tcpcrypt-0.5/contrib/ocb.c:145:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[16] = {0,};
data/tcpcrypt-0.5/contrib/ocb.c:163:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->L + i, tmp, 16); /* Copy tmp to L[i] */
data/tcpcrypt-0.5/contrib/ocb.c:171:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, key->L, 16);
data/tcpcrypt-0.5/contrib/ocb.c:178:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key->L_inv, tmp, 16);
data/tcpcrypt-0.5/contrib/ocb.c:198:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[16]; /* temporary buffer */
data/tcpcrypt-0.5/contrib/ocb.c:238:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, in_blk + i, in_len);
data/tcpcrypt-0.5/contrib/ocb.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp2, pt_blk + i, pt_len);
data/tcpcrypt-0.5/contrib/ocb.c:318:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ct_blk + i, tmp2, pt_len);
data/tcpcrypt-0.5/contrib/ocb.c:322:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, pt_blk + i, pt_len);
data/tcpcrypt-0.5/contrib/ocb.c:330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag, tmp, key->tag_len);
data/tcpcrypt-0.5/contrib/ocb.c:407:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp2, ct_blk + i, ct_len);
data/tcpcrypt-0.5/contrib/ocb.c:409:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pt_blk + i, tmp, ct_len);
data/tcpcrypt-0.5/contrib/umac.c:258:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf,out_buf,AES_BLOCK_LEN);
data/tcpcrypt-0.5/contrib/umac.c:265:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_buf,out_buf,nbytes);
data/tcpcrypt-0.5/contrib/umac.c:1145:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hc->data+j, buf, i);
data/tcpcrypt-0.5/contrib/umac.c:1160:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hc->data + j, buf, nbytes);
data/tcpcrypt-0.5/contrib/umac.c:1656:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahc->poly_key_8+i, buf+24*i, 8);
data/tcpcrypt-0.5/contrib/umac.c:1666:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ahc->ip_keys+4*i, buf+(8*i+4)*sizeof(UINT64),
data/tcpcrypt-0.5/contrib/umac.c:1915:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int umac_final(umac_ctx_t ctx, char tag[], char nonce[8])
data/tcpcrypt-0.5/contrib/umac.c:1939:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nonce[8])
data/tcpcrypt-0.5/contrib/umac.c:2004:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[21] = {0};
data/tcpcrypt-0.5/contrib/umac.c:2005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag2[21] = {0};
data/tcpcrypt-0.5/contrib/umac.c:2062:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nonce[8] = {0};
data/tcpcrypt-0.5/contrib/umac.c:2063:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[UMAC_OUTPUT_LEN+1] = {0}; /* extra char for null terminator */
data/tcpcrypt-0.5/contrib/umac.h:65:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int umac_final(umac_ctx_t ctx, char tag[], char nonce[8]);
data/tcpcrypt-0.5/contrib/umac.h:75:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nonce[8]);
data/tcpcrypt-0.5/contrib/umac.h:86:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
uhash_ctx_t uhash_alloc(char key[16]);
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char work_dir[4096];
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:22:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pf[4096];
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tcpcryptd[4096];
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:51:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pidfile, O_CREAT | O_TRUNC | O_WRONLY | O_NOFOLLOW, 0600);
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:82:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pidfile, O_RDONLY | O_NOFOLLOW);
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[_MAX_PATH];
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[1024];
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[_MAX_PATH];
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:257:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(_nid[0].szTip, "tcpcrypt off");
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:259:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_nid[1], &_nid[0], sizeof(*_nid));
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:265:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(_nid[1].szTip, "tcpcrypt ON");
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[1024];
data/tcpcrypt-0.5/lib/sockopt.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[error_len];
data/tcpcrypt-0.5/lib/sockopt.c:66:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&_conf.cf_sa, &sa, sizeof(sa));
data/tcpcrypt-0.5/lib/sockopt.c:239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(crap + len, optval, *optlen);
data/tcpcrypt-0.5/lib/sockopt.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1001];
data/tcpcrypt-0.5/lib/sockopt.c:273:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(optval, crap + sizeof(*ctl), *optlen);
data/tcpcrypt-0.5/lib/sockopt.c:308:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lame[2048];
data/tcpcrypt-0.5/lib/sockopt.c:313:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lame, &optname, sizeof(int));
data/tcpcrypt-0.5/lib/sockopt.c:315:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&lame[sizeof(int)], optval, optlen);
data/tcpcrypt-0.5/lib/sockopt.c:325:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lame[2048];
data/tcpcrypt-0.5/lib/sockopt.c:331:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lame, &optname, sizeof(int));
data/tcpcrypt-0.5/lib/sockopt.c:338:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(optval, lame, *optlen);
data/tcpcrypt-0.5/lib/sockopt.c:395:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char static_sessid[512]; /* TODO: len */
data/tcpcrypt-0.5/lib/sockopt.c:396:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/lib/sockopt.c:429:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&static_sessid[i*2], "%.2X", n->tn_sid[i]);
data/tcpcrypt-0.5/shared/socket_address.c:110:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = atoi(fd_str);
data/tcpcrypt-0.5/shared/socket_address.c:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sun->sun_path, descr, path_len);
data/tcpcrypt-0.5/shared/socket_address.c:155:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sun->sun_path[1], name, len);
data/tcpcrypt-0.5/src/crypto_aes.c:143:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ap->ap_key, key, len);
data/tcpcrypt-0.5/src/crypto_aes.c:153:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[BLEN];
data/tcpcrypt-0.5/src/crypto_aes.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, iov->iov_base, iov->iov_len);
data/tcpcrypt-0.5/src/crypto_ecdhe.c:94:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, tp->ec_bin, tp->ec_bin_len);
data/tcpcrypt-0.5/src/crypto_hmac.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, o, *outlen);
data/tcpcrypt-0.5/src/crypto_rsa.c:106:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, out, sz);
data/tcpcrypt-0.5/src/crypto_rsa.c:129:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, out, rc);
data/tcpcrypt-0.5/src/crypto_umac.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nonce[8];
data/tcpcrypt-0.5/src/cygwin.c:28:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char p_buf[2048];
data/tcpcrypt-0.5/src/cygwin.c:319:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/src/cygwin.c:353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p->p_buf[MAC_SIZE], data, len);
data/tcpcrypt-0.5/src/freebsd.c:49:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/src/linux.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tcpcrypt-0.5/src/linux.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/tcpcrypt-0.5/src/mingw.c:23:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/src/profile.c:158:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/tcpcrypt-0.5/src/profile.c:162:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%u.%u",
data/tcpcrypt-0.5/src/rdr.c:49:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt_ifname[24]; /* interface name */
data/tcpcrypt-0.5/src/rdr.c:55:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt_cmdname[20]; /* command name */
data/tcpcrypt-0.5/src/rdr.c:60:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt_ecmdname[20]; /* "effective command name" */
data/tcpcrypt-0.5/src/rdr.c:78:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/src/rdr.c:127:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/tcpcrypt-0.5/src/rdr.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tcpcrypt-0.5/src/rdr.c:184:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((sock->to.sin_port = htons(atoi(p))) == 0)
data/tcpcrypt-0.5/src/rdr.c:200:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char crap[1024];
data/tcpcrypt-0.5/src/rdr.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[17];
data/tcpcrypt-0.5/src/rdr.c:505:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sock->to, &to, sizeof(to));
data/tcpcrypt-0.5/src/rdr.c:545:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sock->buf, ip, len);
data/tcpcrypt-0.5/src/rdr.c:577:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2049];
data/tcpcrypt-0.5/src/rdr.c:584:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, ip, len);
data/tcpcrypt-0.5/src/rdr.c:764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PCAP_ERRBUF_SIZE];
data/tcpcrypt-0.5/src/rdr.c:795:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PCAP_ERRBUF_SIZE];
data/tcpcrypt-0.5/src/tcpcrypt.c:43:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c_spec[4];
data/tcpcrypt-0.5/src/tcpcrypt.c:126:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, sp, sz);
data/tcpcrypt-0.5/src/tcpcrypt.c:402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(*dst));
data/tcpcrypt-0.5/src/tcpcrypt.c:965:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, data, len);
data/tcpcrypt-0.5/src/tcpcrypt.c:1100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eno->toe_opts, tc->tc_ciphers_pkey, tc->tc_ciphers_pkey_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:1117:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sopt, &ts->ts_sid.s_data, sizeof(*sopt));
data/tcpcrypt-0.5/src/tcpcrypt.c:1153:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(eno->toe_opts, &tc->tc_cipher_pkey, sizeof(tc->tc_cipher_pkey));
data/tcpcrypt-0.5/src/tcpcrypt.c:1408:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, tc->tc_ciphers_sym, tc->tc_ciphers_sym_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:1411:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, tc->tc_nonce, tc->tc_nonce_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:1414:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, key, klen);
data/tcpcrypt-0.5/src/tcpcrypt.c:1422:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_init1, init1, len);
data/tcpcrypt-0.5/src/tcpcrypt.c:1902:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_pub_cipher_list, a, tc->tc_pub_cipher_list_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:2178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_sym_cipher_list, a, tc->tc_sym_cipher_list_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:2314:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kxs, tc->tc_nonce, tc->tc_nonce_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:2332:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_init1, i1, dlen);
data/tcpcrypt-0.5/src/tcpcrypt.c:2336:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_pms, pms, pmsl);
data/tcpcrypt-0.5/src/tcpcrypt.c:2340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_nonce, nonce, nonce_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:2412:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i2->i2_data, kxs, cipherlen);
data/tcpcrypt-0.5/src/tcpcrypt.c:2415:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i2->i2_data, tc->tc_nonce, tc->tc_nonce_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:2419:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_init2, i2, len);
data/tcpcrypt-0.5/src/tcpcrypt.c:2483:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tc->tc_cipher_sym, s, sizeof(*s));
data/tcpcrypt-0.5/src/tcpcrypt.c:2512:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_init2, i2, len);
data/tcpcrypt-0.5/src/tcpcrypt.c:2521:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tc->tc_pms, nonce, nlen);
data/tcpcrypt-0.5/src/tcpcrypt.c:2531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/tcpcrypt-0.5/src/tcpcrypt.c:3187:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/src/tcpcrypt.c:3429:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(peer->tc_rdr_buf, ip, len);
data/tcpcrypt-0.5/src/tcpcrypt.c:3737:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, val, *vallen);
data/tcpcrypt-0.5/src/tcpcrypt.c:3745:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(val, p, len);
data/tcpcrypt-0.5/src/tcpcrypt.c:3805:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, tc->tc_sid.s_data, tc->tc_sid.s_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:3935:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->tn_sid, tc->tc_sid.s_data, tc->tc_sid.s_len);
data/tcpcrypt-0.5/src/tcpcrypt.c:4062:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->c_spec,
data/tcpcrypt-0.5/src/tcpcrypt.c:4125:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(path, "r"))) {
data/tcpcrypt-0.5/src/tcpcrypt.c:4131:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(path, "r"))) {
data/tcpcrypt-0.5/src/tcpcrypt.c:4133:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(path, "r"))) {
data/tcpcrypt-0.5/src/tcpcrypt.h:249:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tc_opt[40];
data/tcpcrypt-0.5/src/tcpcrypt.h:255:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tc_init1[1500];
data/tcpcrypt-0.5/src/tcpcrypt.h:257:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tc_init2[1500];
data/tcpcrypt-0.5/src/tcpcrypt.h:259:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tc_pms[128];
data/tcpcrypt-0.5/src/tcpcrypt.h:261:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tc_eno[1500];
data/tcpcrypt-0.5/src/tcpcrypt.h:266:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tc_rdr_buf[4096];
data/tcpcrypt-0.5/src/tcpcrypt_divert.h:17:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(int port, divert_cb cb);
data/tcpcrypt-0.5/src/tcpcryptd.c:305:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&b->bc_sa, sa, sizeof(*sa));
data/tcpcrypt-0.5/src/tcpcryptd.c:306:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&b->bc_ctl, c, sizeof(*c));
data/tcpcrypt-0.5/src/tcpcryptd.c:307:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->bc_ctl.tcc_data, c->tcc_data, c->tcc_dlen);
data/tcpcrypt-0.5/src/tcpcryptd.c:365:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4096];
data/tcpcrypt-0.5/src/tcpcryptd.c:558:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sid[1024];
data/tcpcrypt-0.5/src/tcpcryptd.c:609:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tcpcrypt-0.5/src/tcpcryptd.c:642:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->nt_flags = atoi(&buf[rc - 1]);
data/tcpcrypt-0.5/src/tcpcryptd.c:899:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[error_len];
data/tcpcrypt-0.5/src/tcpcryptd.c:907:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1000];
data/tcpcrypt-0.5/src/tcpcryptd.c:967:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_state.s_divert = _divert->open(_conf.cf_divert, packet_handler);
data/tcpcrypt-0.5/src/tcpcryptd.c:1195:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_conf.cf_mac = atoi(optarg);
data/tcpcrypt-0.5/src/tcpcryptd.c:1199:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_conf.cf_cipher = atoi(optarg);
data/tcpcrypt-0.5/src/tcpcryptd.c:1211:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
profile_setopt(PROFILE_TIME_SOURCE, atoi(optarg));
data/tcpcrypt-0.5/src/tcpcryptd.c:1223:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_conf.cf_test = atoi(optarg);
data/tcpcrypt-0.5/src/tcpcryptd.c:1255:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
_conf.cf_divert = atoi(optarg);
data/tcpcrypt-0.5/src/tcpcryptd.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p_params[MAX_PARAM];
data/tcpcrypt-0.5/src/test.c:99:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(p);
data/tcpcrypt-0.5/src/test.c:110:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[1024];
data/tcpcrypt-0.5/src/test.c:137:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[16];
data/tcpcrypt-0.5/src/test.c:138:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flagz[16];
data/tcpcrypt-0.5/src/unix.c:42:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt_ifname[24]; /* interface name */
data/tcpcrypt-0.5/src/unix.c:48:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt_cmdname[20]; /* command name */
data/tcpcrypt-0.5/src/unix.c:53:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkt_ecmdname[20]; /* "effective command name" */
data/tcpcrypt-0.5/src/unix.c:122:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char copy[4096];
data/tcpcrypt-0.5/src/unix.c:192:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, data, len);
data/tcpcrypt-0.5/src/unix.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PCAP_ERRBUF_SIZE];
data/tcpcrypt-0.5/tests/hmac.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac[32];
data/tcpcrypt-0.5/util/tcnetstat.c:38:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/util/tcnetstat.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[64];
data/tcpcrypt-0.5/util/tcnetstat.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[64];
data/tcpcrypt-0.5/util/tcs.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tcpcrypt-0.5/util/tcs.c:234:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2048];
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:150:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(action, start, strlen(start)) == 0) {
data/tcpcrypt-0.5/launchers/TcpcryptLauncher/tcpcryptd_wrapper.c:153:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(action, stop, strlen(stop)) == 0) {
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:97:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), sizeof(cmd) - strlen(cmd), "tcpcryptd.exe");
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:97:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), sizeof(cmd) - strlen(cmd), "tcpcryptd.exe");
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:137:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), sizeof(cmd) - strlen(cmd), "tcnetstat.exe");
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:137:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(cmd + strlen(cmd), sizeof(cmd) - strlen(cmd), "tcnetstat.exe");
data/tcpcrypt-0.5/launchers/winlauncher/tcpcrypt.c:190:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen(cmd);
data/tcpcrypt-0.5/shared/socket_address.c:44:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, sa->addr.un.sun_path, n);
data/tcpcrypt-0.5/shared/socket_address.c:128:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen(descr);
data/tcpcrypt-0.5/shared/socket_address.c:148:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name) + 1;
data/tcpcrypt-0.5/src/linux.c:238:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(s, buf, sizeof(buf));
data/tcpcrypt-0.5/src/rdr.c:130:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rc = read(sock->s, buf, sizeof(buf))) <= 0) {
data/tcpcrypt-0.5/src/tcpcryptd.c:598:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (send(s, buf, strlen(buf), 0) != strlen(buf))
data/tcpcrypt-0.5/src/tcpcryptd.c:598:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (send(s, buf, strlen(buf), 0) != strlen(buf))
data/tcpcrypt-0.5/src/tcpcryptd.c:637:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf, TEST_REPLY, strlen(TEST_REPLY)) != 0) {
data/tcpcrypt-0.5/src/tcpcryptd.c:916:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mask = umask(0);
data/tcpcrypt-0.5/src/tcpcryptd.c:919:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mask);
data/tcpcrypt-0.5/util/tcs.c:171:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(s->s, buf, sizeof(buf) - 1);
data/tcpcrypt-0.5/util/tcs.c:192:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = strlen(buf);
data/tcpcrypt-0.5/util/tcs.c:240:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rc = read(s->s, buf, sizeof(buf))) <= 0)
ANALYSIS SUMMARY:
Hits = 301
Lines analyzed = 18467 in approximately 0.51 seconds (36408 lines/second)
Physical Source Lines of Code (SLOC) = 13715
Hits@level = [0] 128 [1] 20 [2] 170 [3] 3 [4] 107 [5] 1
Hits@level+ = [0+] 429 [1+] 301 [2+] 281 [3+] 111 [4+] 108 [5+] 1
Hits/KSLOC@level+ = [0+] 31.2796 [1+] 21.9468 [2+] 20.4885 [3+] 8.09333 [4+] 7.87459 [5+] 0.0729129
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.