Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/uaputl-1.12/uaputl.h Examining data/uaputl-1.12/uapcmd.c Examining data/uaputl-1.12/uaputl.c Examining data/uaputl-1.12/uapcmd.h FINAL RESULTS: data/uaputl-1.12/uapcmd.c:1534:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(argv_rate[i], argv[j]); data/uaputl-1.12/uapcmd.c:1552:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(argv_mrate[0], argv[output[1][0] + 1]); data/uaputl-1.12/uapcmd.c:1567:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(argv_urate[0], argv[output[2][0] + 1]); data/uaputl-1.12/uaputl.c:337:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/uaputl-1.12/uaputl.c:426:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp, "%s", str); data/uaputl-1.12/uaputl.c:428:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(domain_name, str); data/uaputl-1.12/uaputl.c:458:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. fscanf(fp, "%s", str); data/uaputl-1.12/uaputl.c:469:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, strtok(str, ", ")); data/uaputl-1.12/uaputl.c:2373:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(country_80211d, args[1]); data/uaputl-1.12/uaputl.c:3597:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(country, argv[output[1][0] + 1]); data/uaputl-1.12/uaputl.c:5516:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dev_name, DEFAULT_DEV_NAME); data/uaputl-1.12/uapcmd.c:758:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:873:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:1011:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:1115:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:1220:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:1332:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:1509:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:1789:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:1901:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2009:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2107:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2201:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2330:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2432:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2537:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2639:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2743:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2866:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:2986:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:3090:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:3195:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:3301:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:3441:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:3674:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:3856:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:3980:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:4084:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:4212:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:4357:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:4465:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:4627:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:611:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:783:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:995:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:1093:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:1191:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:1293:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:1420:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:1538:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:3383:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:3547:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:3755:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:3942:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:4031:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:4092:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:4208:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+", cmd_options, NULL)) != -1) { data/uaputl-1.12/uaputl.c:5519:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "+hi:d:v", ap_options, NULL)) != -1) { data/uaputl-1.12/uapcmd.c:941:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv->Ssid, argv[0], tlv->Length); data/uaputl-1.12/uapcmd.c:966:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ssid, tlv->Ssid, tlv->Length); data/uaputl-1.12/uapcmd.c:1053:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->BeaconPeriod_ms = (u16) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:1157:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->DtimPeriod = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:1264:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->ChanNumber = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:1267:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->BandConfigType = atoi(argv[1]) ? BAND_CONFIG_ACS_MODE : 0; data/uaputl-1.12/uapcmd.c:1268:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->ChanNumber = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:1385:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChanList->ChanNumber = (u8) atoi(argv[i]); data/uaputl-1.12/uapcmd.c:1457:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. parse_input(int argc, char **argv, int output[3][2]) data/uaputl-1.12/uapcmd.c:1460:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keywords[3] = { "rates", "mbrate", "urate" }; data/uaputl-1.12/uapcmd.c:1493:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv_rate[14]; data/uaputl-1.12/uapcmd.c:1495:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv_mrate[1]; data/uaputl-1.12/uapcmd.c:1496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv_urate[1]; data/uaputl-1.12/uapcmd.c:1533:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *) malloc(sizeof(char) * (strlen(argv[j]) + 1)); data/uaputl-1.12/uapcmd.c:1551:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *) malloc(sizeof(char) * (strlen(argv[j]) + 1)); data/uaputl-1.12/uapcmd.c:1566:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *) malloc(sizeof(char) * (strlen(argv[j]) + 1)); data/uaputl-1.12/uapcmd.c:1947:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->TxPower_dBm = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:2049:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->BcastSsidCtl = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:2216:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uapcmd.c:2217:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 1)) { data/uaputl-1.12/uapcmd.c:2225:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uapcmd.c:2226:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 1)) { data/uaputl-1.12/uapcmd.c:2233:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[1]) == 0) || (atoi(argv[1]) < 0) || data/uaputl-1.12/uapcmd.c:2234:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[1]) > 1)) { data/uaputl-1.12/uapcmd.c:2265:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->WhichAntenna = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:2270:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->AntennaMode = (u8) atoi(argv[1]); data/uaputl-1.12/uapcmd.c:2371:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->RtsThreshold = (u16) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:2473:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->FragThreshold = (u16) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:2577:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->RadioCtl = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:2679:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->rsn_replay_prot = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:3026:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->PktFwdCtl = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:3131:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->StaAgeoutTimer_ms = (u32) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:3236:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->AuthMode = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:3317:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) == PROTOCOL_NO_SECURITY) || data/uaputl-1.12/uapcmd.c:3318:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) == PROTOCOL_STATIC_WEP))) { data/uaputl-1.12/uapcmd.c:3350:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->Protocol = (u16) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:3464:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[(3 * i)]) == 0) || (atoi(argv[(3 * i)]) < 0) || data/uaputl-1.12/uapcmd.c:3465:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[(3 * i)]) > 3)) { data/uaputl-1.12/uapcmd.c:3473:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[(3 * i) + 1]) < 0) || data/uaputl-1.12/uapcmd.c:3474:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[(3 * i) + 1]) > 1)) { data/uaputl-1.12/uapcmd.c:3485:60: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("ERR:Incorrect KEY_%d length %d\n", atoi(argv[(3 * i)]), data/uaputl-1.12/uapcmd.c:3501:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uapcmd.c:3502:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 3)) { data/uaputl-1.12/uapcmd.c:3544:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->KeyIndex = atoi(argv[0]); data/uaputl-1.12/uapcmd.c:3552:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). keyindex = atoi(argv[(3 * i)]); data/uaputl-1.12/uapcmd.c:3553:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). is_default = atoi(argv[(3 * i) + 1]); data/uaputl-1.12/uapcmd.c:3589:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv->Key, key, length); data/uaputl-1.12/uapcmd.c:3693:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uapcmd.c:3694:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 3)) { data/uaputl-1.12/uapcmd.c:3775:54: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ie_ptr->ie_index = (u16) uap_cpu_to_le16(atoi(argv[0])); data/uaputl-1.12/uapcmd.c:3786:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ie_ptr->ie_index = uap_cpu_to_le16(atoi(argv[0])); data/uaputl-1.12/uapcmd.c:3877:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[0]) & ~CIPHER_BITMAP) { data/uaputl-1.12/uapcmd.c:3882:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[1]) & ~CIPHER_BITMAP) { data/uaputl-1.12/uapcmd.c:3887:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (is_cipher_valid(atoi(argv[0]), atoi(argv[1])) != UAP_SUCCESS) { data/uaputl-1.12/uapcmd.c:3887:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (is_cipher_valid(atoi(argv[0]), atoi(argv[1])) != UAP_SUCCESS) { data/uaputl-1.12/uapcmd.c:3919:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->PairwiseCipher = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:3920:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->GroupCipher = (u8) atoi(argv[1]); data/uaputl-1.12/uapcmd.c:4019:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->GroupRekeyTime_sec = (u32) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:4145:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv->Passphrase, argv[0], tlv->Length); data/uaputl-1.12/uapcmd.c:4229:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) < 0) || (atoi(argv[0]) > 2))) { data/uaputl-1.12/uapcmd.c:4229:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) < 0) || (atoi(argv[0]) > 2))) { data/uaputl-1.12/uapcmd.c:4236:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(argv[0]) != 0) && (argc == 1)) { data/uaputl-1.12/uapcmd.c:4279:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->FilterMode = atoi(argv[0]); data/uaputl-1.12/uapcmd.c:4400:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->Max_sta_num = (u16) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:4508:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->retry_limit = (u8) atoi(argv[0]); data/uaputl-1.12/uapcmd.c:4580:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/uaputl-1.12/uapcmd.c:4643:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) != 2)) { data/uaputl-1.12/uapcmd.c:4659:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[1], "r"); data/uaputl-1.12/uapcmd.c:4679:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cmd_buf->type = atoi(argv[0]); data/uaputl-1.12/uaputl.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dev_name[IFNAMSIZ + 1]; data/uaputl-1.12/uaputl.c:268:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[i]) == atoi(argv[j])) { data/uaputl-1.12/uaputl.c:268:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(argv[i]) == atoi(argv[j])) { data/uaputl-1.12/uaputl.c:402:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[64]; data/uaputl-1.12/uaputl.c:403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char domain_name[40]; data/uaputl-1.12/uaputl.c:410:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char country2[3]; data/uaputl-1.12/uaputl.c:412:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen("80211d_domain.conf", "r"); data/uaputl-1.12/uaputl.c:803:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uaputl.c:804:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 2)) { data/uaputl-1.12/uaputl.c:812:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.ps_mode = atoi(argv[0]); data/uaputl-1.12/uaputl.c:824:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[1]) == 0) || (atoi(argv[1]) < 1) || data/uaputl-1.12/uaputl.c:825:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[1]) > 2)) { data/uaputl-1.12/uaputl.c:832:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). type = atoi(argv[1]); data/uaputl-1.12/uaputl.c:841:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[2]) == 0) || (atoi(argv[2]) < 0) || data/uaputl-1.12/uaputl.c:842:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[2]) > 1)) { data/uaputl-1.12/uaputl.c:850:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.sleep_param.ctrl_bitmap = atoi(argv[2]); data/uaputl-1.12/uaputl.c:856:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.sleep_param.min_sleep = atoi(argv[3]); data/uaputl-1.12/uaputl.c:857:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.sleep_param.max_sleep = atoi(argv[4]); data/uaputl-1.12/uaputl.c:878:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.inact_param.inactivity_to = atoi(argv[2]); data/uaputl-1.12/uaputl.c:879:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.inact_param.min_awake = atoi(argv[3]); data/uaputl-1.12/uaputl.c:880:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.inact_param.max_awake = atoi(argv[4]); data/uaputl-1.12/uaputl.c:893:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[5]) == 0) || (atoi(argv[5]) < 1) || data/uaputl-1.12/uaputl.c:894:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[5]) > 2)) { data/uaputl-1.12/uaputl.c:901:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (type == atoi(argv[5])) { data/uaputl-1.12/uaputl.c:906:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). type = atoi(argv[5]); data/uaputl-1.12/uaputl.c:908:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[6]) == 0) || (atoi(argv[6]) < 0) || data/uaputl-1.12/uaputl.c:909:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[6]) > 1)) { data/uaputl-1.12/uaputl.c:917:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.sleep_param.ctrl_bitmap = atoi(argv[6]); data/uaputl-1.12/uaputl.c:923:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.sleep_param.min_sleep = atoi(argv[7]); data/uaputl-1.12/uaputl.c:924:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.sleep_param.max_sleep = atoi(argv[8]); data/uaputl-1.12/uaputl.c:945:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.inact_param.inactivity_to = atoi(argv[6]); data/uaputl-1.12/uaputl.c:946:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.inact_param.min_awake = atoi(argv[7]); data/uaputl-1.12/uaputl.c:947:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pm.inact_param.max_awake = atoi(argv[8]); data/uaputl-1.12/uaputl.c:1871:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args[30]; data/uaputl-1.12/uaputl.c:1888:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). config_file = fopen(argv[0], "r"); data/uaputl-1.12/uaputl.c:1997:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). index = atoi(args[0] + strlen("protectionFromQTime")); data/uaputl-1.12/uaputl.c:2005:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sco_prot_qtime[index] = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2011:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sco_prot_rate = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2017:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sco_acl_freq = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2023:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). acl_enabled = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2029:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). acl_bt_time = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2035:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). acl_wlan_time = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2041:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). acl_prot_rate = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2086:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args[30]; data/uaputl-1.12/uaputl.c:2113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char country_80211d[4]; data/uaputl-1.12/uaputl.c:2119:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). config_file = fopen(argv[0], "r"); data/uaputl-1.12/uaputl.c:2412:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_buf->Domain.CountryCode, country_80211d, data/uaputl-1.12/uaputl.c:2414:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_buf->Domain.Subband, sub_bands, data/uaputl-1.12/uaputl.c:2485:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(args[1]) == 0) || (atoi(args[1]) < 0) || data/uaputl-1.12/uaputl.c:2486:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(args[1]) > 2)) { data/uaputl-1.12/uaputl.c:2489:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(args[1])); data/uaputl-1.12/uaputl.c:2492:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). filter_tlv->FilterMode = atoi(args[1]); data/uaputl-1.12/uaputl.c:2496:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). filter_tlv->Count = atoi(args[1]); data/uaputl-1.12/uaputl.c:2528:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mask_ie_index = (u16) atoi(args[0] + strlen("MgmtSubtypeMask_")); data/uaputl-1.12/uaputl.c:2557:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). custom_ie_ptr->ie_index = (u16) atoi(args[0] + strlen("IEBuffer_")); data/uaputl-1.12/uaputl.c:2604:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv->Ssid, args[1], tlv->Length); data/uaputl-1.12/uaputl.c:2627:42: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->BeaconPeriod_ms = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2656:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pChanList->ChanNumber = (u8) atoi(args[i + 1]); data/uaputl-1.12/uaputl.c:2680:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->ChanNumber = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:2682:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->BandConfigType = atoi(args[2]) ? BAND_CONFIG_ACS_MODE : 0; data/uaputl-1.12/uaputl.c:2713:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(args[1]) != UAP_SUCCESS) || (atoi(args[1]) < 0) || data/uaputl-1.12/uaputl.c:2714:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(args[1]) > 1)) { data/uaputl-1.12/uaputl.c:2733:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->AntennaMode = atoi(args[1]); data/uaputl-1.12/uaputl.c:2738:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(args[1]) != UAP_SUCCESS) || (atoi(args[1]) < 0) || data/uaputl-1.12/uaputl.c:2739:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(args[1]) > 1)) { data/uaputl-1.12/uaputl.c:2758:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->AntennaMode = atoi(args[1]); data/uaputl-1.12/uaputl.c:2805:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->TxPower_dBm = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:2828:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->BcastSsidCtl = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:2849:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->RtsThreshold = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2872:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->FragThreshold = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:2895:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->DtimPeriod = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:2917:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->RadioCtl = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:2939:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->rsn_replay_prot = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:2974:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->PktFwdCtl = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:2996:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->StaAgeoutTimer_ms = (u32) atoi(args[1]); data/uaputl-1.12/uaputl.c:3005:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(args[1]) < 0) || (atoi(args[1]) > 1)) { data/uaputl-1.12/uaputl.c:3005:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(args[1]) < 0) || (atoi(args[1]) > 1)) { data/uaputl-1.12/uaputl.c:3023:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->AuthMode = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:3036:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). keyindex = atoi(args[1]); data/uaputl-1.12/uaputl.c:3099:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv->Key, &args[1][1], strlen(args[1]) - 2); data/uaputl-1.12/uaputl.c:3146:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlv->Passphrase, args[1], tlv->Length); data/uaputl-1.12/uaputl.c:3168:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->Protocol = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:3171:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(args[1]) & (PROTOCOL_WPA | PROTOCOL_WPA2)) { data/uaputl-1.12/uaputl.c:3201:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pairwisecipher = atoi(args[1]); data/uaputl-1.12/uaputl.c:3219:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). groupcipher = atoi(args[1]); data/uaputl-1.12/uaputl.c:3247:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->GroupRekeyTime_sec = (u32) atoi(args[1]); data/uaputl-1.12/uaputl.c:3270:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->Max_sta_num = (u16) atoi(args[1]); data/uaputl-1.12/uaputl.c:3294:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tlv->retry_limit = (u8) atoi(args[1]); data/uaputl-1.12/uaputl.c:3498:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. parse_input_80211d(int argc, char **argv, int output[2][2]) data/uaputl-1.12/uaputl.c:3501:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keywords[2] = { "state", "country" }; data/uaputl-1.12/uaputl.c:3542:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char country[4] = { ' ', ' ', 0, 0 }; data/uaputl-1.12/uaputl.c:3675:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_buf->Domain.CountryCode, country, strlen(country)); data/uaputl-1.12/uaputl.c:3676:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd_buf->Domain.Subband, sub_bands, data/uaputl-1.12/uaputl.c:4047:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1) && (atoi(argv[0]) != 2)) { data/uaputl-1.12/uaputl.c:4047:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1) && (atoi(argv[0]) != 2)) { data/uaputl-1.12/uaputl.c:4047:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1) && (atoi(argv[0]) != 2)) { data/uaputl-1.12/uaputl.c:4053:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). reg = atoi(argv[0]); data/uaputl-1.12/uaputl.c:4228:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). subcmd = atoi(argv[0]); data/uaputl-1.12/uaputl.c:4522:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[i]) == 0) || (atoi(argv[i]) < 1) || data/uaputl-1.12/uaputl.c:4523:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[i]) > MAX_CHANNELS)) { data/uaputl-1.12/uaputl.c:4542:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(argv[0]) < MIN_TX_POWER) || data/uaputl-1.12/uaputl.c:4543:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > MAX_TX_POWER)) { data/uaputl-1.12/uaputl.c:4555:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ret = is_protocol_valid(atoi(argv[0])); data/uaputl-1.12/uaputl.c:4563:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[1]) == 0) || (atoi(argv[1]) < 0) || data/uaputl-1.12/uaputl.c:4564:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[1]) > 1)) { data/uaputl-1.12/uaputl.c:4568:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(argv[1]) == 1) && (atoi(argv[0]) != 0)) { data/uaputl-1.12/uaputl.c:4568:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(argv[1]) == 1) && (atoi(argv[0]) != 0)) { data/uaputl-1.12/uaputl.c:4573:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((argc == 1) || (atoi(argv[1]) == 0)) { data/uaputl-1.12/uaputl.c:4574:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 1) || data/uaputl-1.12/uaputl.c:4575:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > MAX_CHANNELS)) { data/uaputl-1.12/uaputl.c:4613:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1))) { data/uaputl-1.12/uaputl.c:4613:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1))) { data/uaputl-1.12/uaputl.c:4625:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). } else if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uaputl.c:4626:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > MAX_RTS_THRESHOLD)) { data/uaputl-1.12/uaputl.c:4638:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) < MIN_FRAG_THRESHOLD) || data/uaputl-1.12/uaputl.c:4639:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > MAX_FRAG_THRESHOLD)) { data/uaputl-1.12/uaputl.c:4650:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). } else if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 1) || data/uaputl-1.12/uaputl.c:4651:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > MAX_DTIM_PERIOD)) { data/uaputl-1.12/uaputl.c:4662:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uaputl.c:4663:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 1)) { data/uaputl-1.12/uaputl.c:4677:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1))) { data/uaputl-1.12/uaputl.c:4677:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1))) { data/uaputl-1.12/uaputl.c:4708:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1))) { data/uaputl-1.12/uaputl.c:4708:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) != 0) && (atoi(argv[0]) != 1))) { data/uaputl-1.12/uaputl.c:4720:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || ((atoi(argv[0]) != 0) && data/uaputl-1.12/uaputl.c:4721:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ((atoi(argv[0]) < data/uaputl-1.12/uaputl.c:4723:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > data/uaputl-1.12/uaputl.c:4737:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uaputl.c:4738:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 1)) { data/uaputl-1.12/uaputl.c:4751:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uaputl.c:4752:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > MAX_GRP_TIMER)) { data/uaputl-1.12/uaputl.c:4764:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) > 8) || data/uaputl-1.12/uaputl.c:4765:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) < 0)) { data/uaputl-1.12/uaputl.c:4777:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < MIN_BEACON_PERIOD) data/uaputl-1.12/uaputl.c:4778:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). || (atoi(argv[0]) > MAX_BEACON_PERIOD)) { data/uaputl-1.12/uaputl.c:4790:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) > MAX_RETRY_LIMIT) || data/uaputl-1.12/uaputl.c:4791:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) < 0)) { data/uaputl-1.12/uaputl.c:4805:53: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((IS_HEX_OR_DIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uaputl.c:4806:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 1)) { data/uaputl-1.12/uaputl.c:4828:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((ISDIGIT(argv[0]) == 0) || (atoi(argv[0]) < 0) || data/uaputl-1.12/uaputl.c:4829:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(argv[0]) > 1)) { data/uaputl-1.12/uaputl.c:5171:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ssid, ssid_tlv->Ssid, ssid_tlv->Length); data/uaputl-1.12/uapcmd.c:896:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[0]) > MAX_SSID_LENGTH) { data/uaputl-1.12/uapcmd.c:904:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv[0][strlen(argv[0])] == '"') { data/uaputl-1.12/uapcmd.c:905:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argv[0][strlen(argv[0])] = '\0'; data/uaputl-1.12/uapcmd.c:907:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(argv[0])) { data/uaputl-1.12/uapcmd.c:913:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[0]); data/uaputl-1.12/uapcmd.c:940:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlv->Length = strlen(argv[0]); data/uaputl-1.12/uapcmd.c:1533:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char *) malloc(sizeof(char) * (strlen(argv[j]) + 1)); data/uaputl-1.12/uapcmd.c:1551:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char *) malloc(sizeof(char) * (strlen(argv[j]) + 1)); data/uaputl-1.12/uapcmd.c:1566:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (char *) malloc(sizeof(char) * (strlen(argv[j]) + 1)); data/uaputl-1.12/uapcmd.c:3481:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(argv[(3 * i) + 2]) != 5) && data/uaputl-1.12/uapcmd.c:3482:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(argv[(3 * i) + 2]) != 10) data/uaputl-1.12/uapcmd.c:3483:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (strlen(argv[(3 * i) + 2]) != 13) && data/uaputl-1.12/uapcmd.c:3484:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(argv[(3 * i) + 2]) != 26)) { data/uaputl-1.12/uapcmd.c:3486:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[(3 * i) + 2])); data/uaputl-1.12/uapcmd.c:3490:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(argv[(3 * i) + 2]) == 10) || data/uaputl-1.12/uapcmd.c:3491:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(argv[(3 * i) + 2]) == 26)) { data/uaputl-1.12/uapcmd.c:3555:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(key); data/uaputl-1.12/uapcmd.c:3733:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ie_buf_len = strlen(argv[2]); data/uaputl-1.12/uapcmd.c:4099:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((argc == 1) && (strlen(argv[0]) > MAX_WPA_PASSPHRASE_LENGTH)) { data/uaputl-1.12/uapcmd.c:4103:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((argc == 1) && (strlen(argv[0]) < MIN_WPA_PASSPHRASE_LENGTH)) { data/uaputl-1.12/uapcmd.c:4107:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((argc == 1) && (strlen(argv[0]) == MAX_WPA_PASSPHRASE_LENGTH)) { data/uaputl-1.12/uapcmd.c:4122:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[0]); data/uaputl-1.12/uapcmd.c:4144:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlv->Length = strlen(argv[0]); data/uaputl-1.12/uaputl.c:418:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *) country2, country, 2); data/uaputl-1.12/uaputl.c:726:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_ifrn.ifrn_name, dev_name, strlen(dev_name)); data/uaputl-1.12/uaputl.c:726:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ifr.ifr_ifrn.ifrn_name, dev_name, strlen(dev_name)); data/uaputl-1.12/uaputl.c:1738:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(line); data/uaputl-1.12/uaputl.c:1839:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = pos + strlen(pos) - 1; data/uaputl-1.12/uaputl.c:1997:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). index = atoi(args[0] + strlen("protectionFromQTime")); data/uaputl-1.12/uaputl.c:2369:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(args[1]) > 3) || (strlen(args[1]) < 0)) { data/uaputl-1.12/uaputl.c:2369:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(args[1]) > 3) || (strlen(args[1]) < 0)) { data/uaputl-1.12/uaputl.c:2374:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(country_80211d); i++) { data/uaputl-1.12/uaputl.c:2413:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(country_80211d)); data/uaputl-1.12/uaputl.c:2528:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mask_ie_index = (u16) atoi(args[0] + strlen("MgmtSubtypeMask_")); data/uaputl-1.12/uaputl.c:2545:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ie_buf_len = strlen(args[1]); data/uaputl-1.12/uaputl.c:2557:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). custom_ie_ptr->ie_index = (u16) atoi(args[0] + strlen("IEBuffer_")); data/uaputl-1.12/uaputl.c:2582:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (args[1][strlen(args[1]) - 1] == '"') { data/uaputl-1.12/uaputl.c:2583:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). args[1][strlen(args[1]) - 1] = '\0'; data/uaputl-1.12/uaputl.c:2585:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(args[1]) > MAX_SSID_LENGTH) || data/uaputl-1.12/uaputl.c:2586:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(args[1]) == 0)) { data/uaputl-1.12/uaputl.c:2592:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlv_len = sizeof(TLVBUF_SSID) + strlen(args[1]); data/uaputl-1.12/uaputl.c:2603:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlv->Length = strlen(args[1]); data/uaputl-1.12/uaputl.c:3052:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(args[1]) != 2) && (strlen(args[1]) != 7) && data/uaputl-1.12/uaputl.c:3052:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(args[1]) != 2) && (strlen(args[1]) != 7) && data/uaputl-1.12/uaputl.c:3053:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(args[1]) != 15)) { data/uaputl-1.12/uaputl.c:3057:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_len = strlen(args[1]) - 2; data/uaputl-1.12/uaputl.c:3059:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(args[1]) != 0) && (strlen(args[1]) != 10) && data/uaputl-1.12/uaputl.c:3059:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(args[1]) != 0) && (strlen(args[1]) != 10) && data/uaputl-1.12/uaputl.c:3060:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(args[1]) != 26)) { data/uaputl-1.12/uaputl.c:3069:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_len = strlen(args[1]) / 2; data/uaputl-1.12/uaputl.c:3099:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(tlv->Key, &args[1][1], strlen(args[1]) - 2); data/uaputl-1.12/uaputl.c:3115:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (args[1][strlen(args[1]) - 1] == '"') { data/uaputl-1.12/uaputl.c:3116:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). args[1][strlen(args[1]) - 1] = '\0'; data/uaputl-1.12/uaputl.c:3118:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlv_len = sizeof(TLVBUF_WPA_PASSPHRASE) + strlen(args[1]); data/uaputl-1.12/uaputl.c:3119:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(args[1]) > MAX_WPA_PASSPHRASE_LENGTH) { data/uaputl-1.12/uaputl.c:3123:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(args[1]) < MIN_WPA_PASSPHRASE_LENGTH) { data/uaputl-1.12/uaputl.c:3127:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(args[1]) == MAX_WPA_PASSPHRASE_LENGTH) { data/uaputl-1.12/uaputl.c:3145:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlv->Length = strlen(args[1]); data/uaputl-1.12/uaputl.c:3591:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(argv[output[1][0] + 1]) > 3) || data/uaputl-1.12/uaputl.c:3592:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(argv[output[1][0] + 1]) < 0)) { data/uaputl-1.12/uaputl.c:3599:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(country); i++) { data/uaputl-1.12/uaputl.c:3675:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(cmd_buf->Domain.CountryCode, country, strlen(country)); data/uaputl-1.12/uaputl.c:4479:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(x); i++) data/uaputl-1.12/uaputl.c:4880:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mac) != ((2 * ETH_ALEN) + (ETH_ALEN - 1))) { data/uaputl-1.12/uaputl.c:4910:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (strlen(str) + 1) / 2; data/uaputl-1.12/uaputl.c:4954:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(p); data/uaputl-1.12/uaputl.c:5437:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_ifrn.ifrn_name, dev_name, strlen(dev_name)); data/uaputl-1.12/uaputl.c:5437:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(ifr.ifr_ifrn.ifrn_name, dev_name, strlen(dev_name)); data/uaputl-1.12/uaputl.c:5522:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) < IFNAMSIZ) { data/uaputl-1.12/uaputl.c:5524:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dev_name, optarg, strlen(optarg)); data/uaputl-1.12/uaputl.c:5524:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(dev_name, optarg, strlen(optarg)); data/uaputl-1.12/uaputl.c:5553:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(ap_command[i].cmd, argv[0], strlen(ap_command[i].cmd))) data/uaputl-1.12/uaputl.c:5555:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ap_command[i].cmd) != strlen(argv[0])) data/uaputl-1.12/uaputl.c:5555:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ap_command[i].cmd) != strlen(argv[0])) ANALYSIS SUMMARY: Hits = 343 Lines analyzed = 11621 in approximately 0.34 seconds (34027 lines/second) Physical Source Lines of Code (SLOC) = 8633 Hits@level = [0] 905 [1] 74 [2] 211 [3] 47 [4] 11 [5] 0 Hits@level+ = [0+] 1248 [1+] 343 [2+] 269 [3+] 58 [4+] 11 [5+] 0 Hits/KSLOC@level+ = [0+] 144.562 [1+] 39.7313 [2+] 31.1595 [3+] 6.71841 [4+] 1.27418 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.