Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tgl-2.0.1+git20160323.ffb04cac/auto-static-autocomplete.c Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-key.h Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h Examining data/tgl-2.0.1+git20160323.ffb04cac/structures.c Examining data/tgl-2.0.1+git20160323.ffb04cac/auto-static-fetch.c Examining data/tgl-2.0.1+git20160323.ffb04cac/no-preview.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-timers.c Examining data/tgl-2.0.1+git20160323.ffb04cac/updates.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/rand_openssl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/rsa_pem.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/rsa_pem_altern.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/bn_openssl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/sha.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/sha_altern.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/md5_openssl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/err.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/md5.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_openssl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/rand.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/bn.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/md5_altern.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/bn_altern.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/sha_openssl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/err_altern.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/rand_altern.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/err_openssl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/meta.h Examining data/tgl-2.0.1+git20160323.ffb04cac/crypto/rsa_pem_openssl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tools.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-methods-in.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-fetch.h Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-timers.h Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-key.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-structures.h Examining data/tgl-2.0.1+git20160323.ffb04cac/event-old.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tree.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.h Examining data/tgl-2.0.1+git20160323.ffb04cac/generate.h Examining data/tgl-2.0.1+git20160323.ffb04cac/mime-types.c Examining data/tgl-2.0.1+git20160323.ffb04cac/auto-static-print-ds.c Examining data/tgl-2.0.1+git20160323.ffb04cac/auto-static.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-queries.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tools.h Examining data/tgl-2.0.1+git20160323.ffb04cac/updates.h Examining data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c Examining data/tgl-2.0.1+git20160323.ffb04cac/auto.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.c Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c Examining data/tgl-2.0.1+git20160323.ffb04cac/auto-static-store.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl.c Examining data/tgl-2.0.1+git20160323.ffb04cac/queries.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-net-inner.h Examining data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.h Examining data/tgl-2.0.1+git20160323.ffb04cac/binlog.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-inner.h Examining data/tgl-2.0.1+git20160323.ffb04cac/queries.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-layout.h Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.h Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-utils.c Examining data/tgl-2.0.1+git20160323.ffb04cac/mtproto-utils.h Examining data/tgl-2.0.1+git20160323.ffb04cac/auto-static-skip.c Examining data/tgl-2.0.1+git20160323.ffb04cac/tgl-binlog.h Examining data/tgl-2.0.1+git20160323.ffb04cac/generate.c FINAL RESULTS: data/tgl-2.0.1+git20160323.ffb04cac/auto-static-fetch.c:17:20: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. out_buf_pos += snprintf (out_buf + out_buf_pos, OUT_BUF_SIZE - out_buf_pos, __VA_ARGS__);\ data/tgl-2.0.1+git20160323.ffb04cac/auto-static-print-ds.c:18:20: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. out_buf_pos += snprintf (out_buf + out_buf_pos, OUT_BUF_SIZE - out_buf_pos, __VA_ARGS__);\ data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2951:66: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void logprintf (const char *format, ...) __attribute__ ((format (printf, 1, 2))); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:539:115: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void tgl_set_query_error (struct tgl_state *TLS, int error_code, const char *format, ...) __attribute__ ((format (printf, 3, 4))); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:545:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf (s, 1000, format, ap); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4755:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s + l, pwd[0]); data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.c:93:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (s, p); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:95:66: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void logprintf (const char *format, ...) __attribute__ ((format (printf, 1, 2), weak)); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:99:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf (stdout, format, ap); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:110:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int r = vsnprintf (buf, len, format, ap); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:3015:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((i = getopt (argc, argv, "vhHg:")) != -1) { data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:93:21: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. *(long *)buf ^= lrand48 (); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:530:101: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void tgl_do_send_accept_encr_chat (struct tgl_state *TLS, struct tgl_secret_chat *E, unsigned char *random, void (*callback)(struct tgl_state *TLS,void *callback_extra, int success, struct tgl_secret_chat *E), void *callback_extra) { data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:550:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random[i] ^= random_here[i]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:552:32: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TGLC_bn *b = TGLC_bn_bin2bn (random, 256, 0); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:644:83: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. void tgl_do_send_create_encr_chat (struct tgl_state *TLS, void *x, unsigned char *random, void (*callback)(struct tgl_state *TLS, void *callback_extra, int success, struct tgl_secret_chat *E), void *callback_extra) { data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:650:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random[i] ^= random_here[i]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:652:32: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. TGLC_bn *a = TGLC_bn_bin2bn (random, 256, 0); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:683:59: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. bl_do_encr_chat (TLS, t, NULL, NULL, &our_id, &user_id, random, NULL, NULL, &state, NULL, NULL, NULL, NULL, NULL, NULL, TGLPF_CREATE | TGLPF_CREATED, NULL, 0); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:758:11: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. memcpy (random, DS_MDC->random->data, 256); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:762:85: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ((void (*)(struct tgl_state *, void *, void *, void *, void *))(*x))(TLS, x[1], random, q->callback, q->callback_extra); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:764:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. tfree_secure (random, 256); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:766:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. tfree_secure (random, 256); data/tgl-2.0.1+git20160323.ffb04cac/auto-static-fetch.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char out_buf[OUT_BUF_SIZE]; data/tgl-2.0.1+git20160323.ffb04cac/auto-static-print-ds.c:13:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char out_buf[OUT_BUF_SIZE]; data/tgl-2.0.1+git20160323.ffb04cac/auto-static-store.c:95:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char exp_buffer[1 << 25];; data/tgl-2.0.1+git20160323.ffb04cac/auto-static-store.c:219:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (R->type, P->type, sizeof (*P->type)); data/tgl-2.0.1+git20160323.ffb04cac/auto-static.c:120:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (R->type, P->type, sizeof (*P->type)); data/tgl-2.0.1+git20160323.ffb04cac/auto-static.c:166:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char exp_buffer[1 << 25];; data/tgl-2.0.1+git20160323.ffb04cac/auto.h:50:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (r, d, len); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:108:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (TLS->DC_list[num]->auth_key, buf, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:110:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (TLS->encr_prime, prime, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:519:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:522:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (P->encr_chat.exchange_key, key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:525:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (P->encr_chat.exchange_key, key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:531:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (P->encr_chat.exchange_key, P->encr_chat.key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:534:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (P->encr_chat.key, key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:542:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (P->encr_chat.key, P->encr_chat.exchange_key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:549:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (P->encr_chat.key, P->encr_chat.exchange_key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:855:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[100]; data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:867:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (U->g_key, g_key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:871:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (U->key, key, 256); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:875:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (U->first_key_sha, first_key_id, 20); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes.h:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _dummy[ data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:42:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char check_struct_sizes[(sizeof (TGLC_aes_key) == AES_KEY_BYTES) - 1]; data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:46:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key->_dummy, userKey, AES_KEY_BYTES); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:70:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2 * 16]; data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (prev_x, ivec + 16, 16); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:78:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[16]; data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:81:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cur_x, in, 16); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:100:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ivec + 16, prev_x, 16); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ivec, prev_y, 16); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:109:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2 * 16]; data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:112:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (prev_y, ivec, 16); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:117:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[16]; data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_altern.c:120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cur_y, in, 16); data/tgl-2.0.1+git20160323.ffb04cac/crypto/aes_openssl.c:30:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char check_struct_sizes[(sizeof (AES_KEY) == sizeof (TGLC_aes_key)) - 1]; data/tgl-2.0.1+git20160323.ffb04cac/crypto/bn_altern.c:111:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[sizeof (unsigned long)]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:61:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy (new, s, len); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:112:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1 << 20]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:346:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cur_name + L, "->params[%d]", i); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:358:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cur_name + L, "->params[0]"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:362:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (cur_name + L, "->params[1]"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1145:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[20]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1146:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "field%d", num); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1173:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[20]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1174:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (s, "field%d", num); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1190:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1239:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1299:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1366:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1430:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1498:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1551:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1601:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[10000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2220:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[1000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2288:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *gen_what[1000]; data/tgl-2.0.1+git20160323.ffb04cac/generate.c:3037:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open (argv[optind], O_RDONLY | O_BINARY); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:94:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen (public_key_name, "r"); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:131:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int encrypt_packet_buffer_aes_unauth (const char server_nonce[16], const char hidden_client_nonce[32]) { data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:131:81: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int encrypt_packet_buffer_aes_unauth (const char server_nonce[16], const char hidden_client_nonce[32]) { data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:310:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char s_power[256]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:508:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sha1_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:584:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char th[44], sha1_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:585:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (th, DC->new_nonce, 32); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:592:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (th + 33, sha1_buffer, 8); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:621:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (DC->temp_auth_key, DC->auth_key, 256); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:718:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sha1_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:726:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (enc->msg_key, sha1_buffer + 4, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:744:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (enc_msg.message, msg, msg_ints * 4); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:769:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (enc_msg.message, msg, msg_ints * 4); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:777:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, &enc_msg, l + UNENCSZ); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:1084:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:1153:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char Response[MAX_RESPONSE_SIZE]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-client.c:1222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (DC->temp_auth_key, DC->auth_key, 256); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:69:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int r = 0, h = open ("/dev/random", O_RDONLY | O_NONBLOCK); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:81:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). h = open ("/dev/urandom", O_RDONLY); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:148:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rb[32]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:155:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open (password_filename, O_RDONLY | O_BINARY); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:206:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tempbuff[4096]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:207:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha[20]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:227:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, str, len); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:263:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (packet_ptr, data, len); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:340:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char aes_key_raw[32], aes_iv[32]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:343:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_unauth (const char server_nonce[16], const char hidden_client_nonce[32], int encrypt) { data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:343:62: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_unauth (const char server_nonce[16], const char hidden_client_nonce[32], int encrypt) { data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:344:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buffer[64], hash[20]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:345:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, hidden_client_nonce, 32); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:346:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 32, server_nonce, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:348:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 32, hidden_client_nonce, 32); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:350:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, server_nonce, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:351:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 16, hidden_client_nonce, 32); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:353:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_key_raw + 20, hash, 12); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:354:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_iv, hash + 12, 8); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:355:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_iv + 28, hidden_client_nonce, 4); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:364:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_auth (char auth_key[192], char msg_key[16], int encrypt) { data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:364:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_auth (char auth_key[192], char msg_key[16], int encrypt) { data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:365:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buffer[48], hash[20]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:372:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:373:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 16, auth_key, 32); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:375:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_key_raw, hash, 8); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:376:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_iv, hash + 8, 12); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:378:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, auth_key + 32, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:379:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 16, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 32, auth_key + 48, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_key_raw + 8, hash + 8, 12); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:383:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_iv + 12, hash, 8); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:385:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, auth_key + 64, 32); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:386:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 32, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:388:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_key_raw + 20, hash + 4, 12); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:389:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_iv + 20, hash + 16, 4); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:391:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:392:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buffer + 16, auth_key + 96, 32); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:394:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aes_iv + 24, hash, 8); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:110:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_key[16]; data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (packet_ptr, what, len * 4); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (r, s, i); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:245:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (*s, r, l); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:318:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, in_ptr, size); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:323:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, in_ptr, size); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:344:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, in_ptr, 4 * count); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:353:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 256 - l, s, l); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:356:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, s + (l - 256), 256); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:374:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_unauth (const char server_nonce[16], const char hidden_client_nonce[32], int encrypt); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:374:62: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_unauth (const char server_nonce[16], const char hidden_client_nonce[32], int encrypt); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:375:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_auth (char auth_key[192], char msg_key[16], int encrypt); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:375:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void tgl_init_aes_auth (char auth_key[192], char msg_key[16], int encrypt); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:9:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1a_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:10:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1b_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:11:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1c_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:12:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1d_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:16:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg_key, sha1a_buffer + 4, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:18:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[64]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:19:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:20:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 16, E->key, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:23:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, E->key + 8, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:24:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 16, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:25:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 32, E->key + 12, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:28:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, E->key + 16, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:29:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 32, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:32:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:33:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 16, E->key + 24, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:36:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:37:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key, sha1a_buffer + 0, 8); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:38:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key + 8, sha1b_buffer + 8, 12); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:39:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key + 20, sha1c_buffer + 4, 12); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:41:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char iv[32]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:42:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv, sha1a_buffer + 8, 12); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:43:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv + 12, sha1b_buffer + 0, 8); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:44:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv + 20, sha1c_buffer + 16, 4); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv + 24, sha1d_buffer + 0, 8); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:79:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (encr_extra, encrypt_decrypted_message (E), 16); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:424:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[16]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:425:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char str[64]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:426:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str, f->key, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:427:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str + 32, f->init_iv, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:547:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char random_here[256]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:565:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char kk[256]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:568:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:595:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[256]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:623:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t, U->key, 256); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:628:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:636:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (U->first_key_sha, sha_buffer, 20); data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:647:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char random_here[256]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:669:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char g_a[256]; data/tgl-2.0.1+git20160323.ffb04cac/queries-encrypted.c:758:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (random, DS_MDC->random->data, 256); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:232:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (q->data, data, 4 * ints); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:499:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[32]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:515:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4096]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:524:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4096]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:532:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4096]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:541:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[1001]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:716:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (r + 1, text + p + 9, len); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:792:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (n, new_text, cur_p); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:1258:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open (file_name, O_RDONLY | O_BINARY); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:1266:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[(1 << 20) + 1]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:2037:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[512 << 10]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:2082:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open (file_name, O_RDONLY | O_BINARY); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:2161:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (f->init_iv, f->iv, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3118:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). D->fd = open (D->name, O_CREAT | O_WRONLY | O_BINARY, 0640); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3202:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[PATH_MAX]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (D->iv, V->iv, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3391:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[16]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3392:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char str[64]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3393:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str, V->key, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3394:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (str + 32, V->iv, 32); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3940:77: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int tgl_do_visualize_key (struct tgl_state *TLS, tgl_peer_id_t id, unsigned char buf[16]) { data/tgl-2.0.1+git20160323.ffb04cac/queries.c:3948:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, P->encr_chat.first_key_sha, 16); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4547:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[512]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4548:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char shab[32]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4558:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, current_salt, current_salt_len); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4559:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + current_salt_len, current_password, current_password_len); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4560:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + current_salt_len + current_password_len, current_salt, current_salt_len); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4572:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char d[256]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4573:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (d, new_salt, new_salt_len); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4578:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, d, l); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4580:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + l, new_password, new_password_len); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4581:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + l + new_password_len, d, l); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4678:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[512]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4742:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[512]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4743:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char shab[32]; data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4752:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, E->current_salt, l); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4757:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + l + r, E->current_salt, l); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4787:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[512]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:95:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *d[4]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:97:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10000]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:397:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst, src + src_len - 256, 256); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:400:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst + 256 - src_len, src, src_len); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:406:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst, src + src_len - 32, 32); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:409:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dst + 32 - src_len, src, src_len); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:444:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char g_key[256]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1629:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1a_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1630:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1b_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1631:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1c_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1632:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char sha1d_buffer[20]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1634:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[64]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1638:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1639:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 16, e_key, 32); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1642:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, e_key + 8, 16); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1643:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 16, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1644:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 32, e_key + 12, 16); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1647:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, e_key + 16, 32); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1648:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 32, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1651:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, msg_key, 16); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1652:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 16, e_key + 24, 32); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1655:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char key[32]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1656:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key, sha1a_buffer + 0, 8); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1657:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key + 8, sha1b_buffer + 8, 12); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1658:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key + 20, sha1c_buffer + 4, 12); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1660:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char iv[32]; data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1661:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv, sha1a_buffer + 8, 12); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1662:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv + 12, sha1b_buffer + 0, 8); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1663:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv + 20, sha1c_buffer + 16, 4); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:1664:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (iv + 24, sha1d_buffer + 0, 8); data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.c:9:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *mime_type_names[MAX_MIME_TYPES_NUM]; data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.c:10:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *mime_type_extensions[MAX_MIME_TYPES_NUM]; data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.c:92:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[11]; data/tgl-2.0.1+git20160323.ffb04cac/tgl-layout.h:170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auth_key[256]; data/tgl-2.0.1+git20160323.ffb04cac/tgl-layout.h:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_auth_key[256]; data/tgl-2.0.1+git20160323.ffb04cac/tgl-layout.h:172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nonce[256]; data/tgl-2.0.1+git20160323.ffb04cac/tgl-layout.h:173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_nonce[256]; data/tgl-2.0.1+git20160323.ffb04cac/tgl-layout.h:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char server_nonce[256]; data/tgl-2.0.1+git20160323.ffb04cac/tgl-layout.h:470:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char first_key_sha[20]; data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c:144:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (c->out_tail->wptr, data, len); data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c:151:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (c->out_tail->wptr, data, y); data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c:176:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, c->in_head->rptr, len); data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c:181:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, c->in_head->rptr, y); data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c:209:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, b->rptr, len); data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c:212:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, b->rptr, y); data/tgl-2.0.1+git20160323.ffb04cac/tgl-queries.h:165:84: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int tgl_do_visualize_key (struct tgl_state *TLS, tgl_secret_chat_id_t id, unsigned char buf[16]); data/tgl-2.0.1+git20160323.ffb04cac/tgl.h:207:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rsa_key_list[TGL_MAX_RSA_KEYS_NUM]; data/tgl-2.0.1+git20160323.ffb04cac/tools.c:123:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rs, *res, strlen (*res) + 1); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:169:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, ptr, size >= old_size ? old_size : size); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:215:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, s, l + 1); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:223:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, s, l); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (r, s, n); data/tgl-2.0.1+git20160323.ffb04cac/auto-static-autocomplete.c:57:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (text); data/tgl-2.0.1+git20160323.ffb04cac/auto-static.c:312:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (text); data/tgl-2.0.1+git20160323.ffb04cac/binlog.c:57:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)strlen (a) != l) { return 1; } data/tgl-2.0.1+git20160323.ffb04cac/generate.c:335:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int L = strlen (cur_name); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:546:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id) && !empty) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:626:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id) > 0 && !empty) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:627:150: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf ("%sif (cur_token_len >= 0 && cur_token_len == %d && !cur_token_quoted && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", offset, (int)(strlen (arg->id)), arg->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:707:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id) > 0 && !empty) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:708:161: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf ("%sif (cur_token_len == -3 && cur_token_real_len <= %d && !cur_token_quoted && !memcmp (cur_token, \"%s\", cur_token_real_len)) {\n", offset, (int)(strlen (arg->id)), arg->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:713:129: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf ("%sif (cur_token_len >= 0 && cur_token_len == %d && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", offset, (int)(strlen (arg->id)), arg->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:798:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:825:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:846:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:855:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:888:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:913:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:929:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:936:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:966:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:996:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1012:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1039:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id) && !empty) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1049:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1078:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1098:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1129:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id) > 0) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1130:161: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf ("%sif (cur_token_len == -3 && cur_token_real_len <= %d && !cur_token_quoted && !memcmp (cur_token, \"%s\", cur_token_real_len)) {\n", offset, (int)(strlen (arg->id)), arg->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1135:129: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf ("%sif (cur_token_len >= 0 && cur_token_len == %d && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", offset, (int)(strlen (arg->id)), arg->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1163:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg->id && strlen (arg->id) > 0) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1164:150: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf ("%sif (cur_token_len >= 0 && cur_token_len == %d && !cur_token_quoted && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", offset, (int)(strlen (arg->id)), arg->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1191:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1240:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1300:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1367:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1431:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1499:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1552:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1602:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf (s, "T"); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1741:102: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf (" if (cur_token_len == %d && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", (int)strlen (t->constructors[i]->id), t->constructors[i]->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:1782:102: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf (" if (cur_token_len == %d && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", (int)strlen (t->constructors[i]->id), t->constructors[i]->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2447:98: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf (" if (cur_token_len == %d && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", (int)strlen (fns[i]->id), fns[i]->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2524:98: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf (" if (cur_token_len == %d && !memcmp (cur_token, \"%s\", cur_token_len)) {\n", (int)strlen (fns[i]->id), fns[i]->id); data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2562:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (c->args[k]->id && strlen (c->args[k]->id) && j > 0) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2580:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!c->args[k]->id || !strlen (c->args[k]->id)) { data/tgl-2.0.1+git20160323.ffb04cac/generate.c:2994:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int rval = read (fd, buf + rs, len - rs); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:71:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read (h, buf, n); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:85:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int s = read (h, buf + r, n - r); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.c:160:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int l = read (fd, a, password_length); data/tgl-2.0.1+git20160323.ffb04cac/mtproto-common.h:174:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out_cstring (str, strlen (str)); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:122:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int)strlen (a) != l) { return 1; } data/tgl-2.0.1+git20160323.ffb04cac/queries.c:1196:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_len = strlen (new_text); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:1267:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int x = read (fd, buf, (1 << 20) + 1); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:1887:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s = f->file_name + strlen (f->file_name); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:1931:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s = f->file_name + strlen (f->file_name); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:2038:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int x = read (f->fd, buf, f->part_size); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4614:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (pwd) != (size_t)E->new_password_len || memcmp (E->new_password, pwd, E->new_password_len)) { data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4639:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->new_password_len = strlen (pwd[0]); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4646:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->current_password_len = strlen (pwd[0]); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4668:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->hint_len = strlen (new_hint); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4746:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert (strlen (pwd[0]) <= 128); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:4754:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int r = strlen (pwd[0]); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5175:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tgl_do_send_code_result (TLS, E->phone, E->phone_len, E->hash, E->hash_len, code[0], strlen (code[0]), tgl_sign_in_result, E); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5203:93: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tgl_do_send_code_result_auth (TLS, E->phone, E->phone_len, E->hash, E->hash_len, code[0], strlen (code[0]), E->first_name, E->first_name_len, E->last_name, E->last_name_len, tgl_sign_up_result, E); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5208:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->last_name_len = strlen (last_name); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5213:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (first_name) < 1) { data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5217:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->first_name_len = strlen (first_name); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5225:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (yn) > 1) { data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5227:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (strlen (yn) == 0 || *yn == 'y' || *yn == 'Y') { data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5258:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->hash_len = strlen (mhash); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5270:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->phone_len = strlen (phone[0]); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5288:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tgl_do_send_bot_auth (TLS, code[0], strlen (code[0]), tgl_sign_in_bot_cb, NULL); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5417:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out_cstring (code[0], strlen (code[0])); data/tgl-2.0.1+git20160323.ffb04cac/queries.c:5434:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). E->hash_len = strlen (mhash); data/tgl-2.0.1+git20160323.ffb04cac/structures.c:102:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (d[i] && strlen (d[i])) { data/tgl-2.0.1+git20160323.ffb04cac/structures.c:116:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fl = strlen (s); data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.c:77:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen (filename); data/tgl-2.0.1+git20160323.ffb04cac/tg-mime-types.c:89:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (p) > 10) { data/tgl-2.0.1+git20160323.ffb04cac/tgl-net.c:506:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int r = read (c->fd, c->in_tail->wptr, c->in_tail->end - c->in_tail->wptr); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:122:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). void *rs = talloc (strlen (*res) + 1); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:123:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy (rs, *res, strlen (*res) + 1); data/tgl-2.0.1+git20160323.ffb04cac/tools.c:213:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen (s); data/tgl-2.0.1+git20160323.ffb04cac/tools.h:111:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tfree (ptr, strlen ((const char *)ptr) + 1); ANALYSIS SUMMARY: Hits = 359 Lines analyzed = 27015 in approximately 1.12 seconds (24102 lines/second) Physical Source Lines of Code (SLOC) = 22238 Hits@level = [0] 890 [1] 82 [2] 254 [3] 13 [4] 10 [5] 0 Hits@level+ = [0+] 1249 [1+] 359 [2+] 277 [3+] 23 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 56.1651 [1+] 16.1435 [2+] 12.4562 [3+] 1.03427 [4+] 0.449681 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.