Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSReissueRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRSAKeyPairImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSStatusImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSCompoundResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSMessageFactoryImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSUseKeyWithImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSReissueResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRevokeRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSLocateRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSValidateRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSPrototypeKeyBindingImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSReissueKeyBindingImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSValidityIntervalImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSUnverifiedKeyBindingImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSLocateResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSValidateResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSPendingRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSStatusResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSAuthenticationImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSKeyBindingImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverKeyBindingImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSMessageAbstractTypeImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSResponseMechanismImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRespondWithImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSNotBoundAuthentication.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRevokeResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSReissueRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRevokeKeyBindingImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSStatusRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSCompoundRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSResultTypeImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSQueryKeyBindingImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRequestAbstractTypeImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSKeyBindingAbstractTypeImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRespondWithImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSResponseMechanismImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRevokeResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSReissueRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRevokeKeyBindingImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSStatusRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSCompoundRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSNotBoundAuthenticationImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSResultTypeImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSQueryKeyBindingImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRequestAbstractTypeImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSKeyBindingAbstractTypeImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSStatusImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRSAKeyPairImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSCompoundResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSUseKeyWithImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSMessageFactoryImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRevokeRequestImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSLocateRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSReissueResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSReissueKeyBindingImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSValidateRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSPrototypeKeyBindingImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSValidityIntervalImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSUnverifiedKeyBindingImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSLocateResultImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSValidateResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSStatusResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSPendingRequestImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSKeyBindingImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSAuthenticationImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSMessageAbstractTypeImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSResultImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverKeyBindingImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSCompoundRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRequestAbstractType.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRecoverRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSCompoundResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRegisterRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSStatus.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRegisterResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRespondWith.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRevokeResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRSAKeyPair.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSConstants.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSValidateRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSPendingRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRecoverResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSReissueKeyBinding.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSKeyBindingAbstractType.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSLocateResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSUseKeyWith.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSKeyBinding.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSNotBoundAuthentication.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRevokeRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSQueryKeyBinding.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSReissueResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSMessageAbstractType.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSConstants.cpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSAuthentication.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSPrototypeKeyBinding.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSResultType.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSResponseMechanism.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSStatusResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRecoverKeyBinding.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSMessageFactory.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSLocateRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSUnverifiedKeyBinding.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSRevokeKeyBinding.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSStatusRequest.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSValidateResult.hpp
Examining data/xml-security-c-2.0.2/xsec/xkms/XKMSValidityInterval.hpp
Examining data/xml-security-c-2.0.2/xsec/tools/c14n/c14n.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/checksig/AnonymousResolver.hpp
Examining data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.hpp
Examining data/xml-security-c-2.0.2/xsec/tools/checksig/AnonymousResolver.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.hpp
Examining data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/threadTest/threadtest.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/siginf/siginf.cpp
Examining data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECProvider.cpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECURIResolverXerces.cpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECAlgorithmMapper.cpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECEnv.cpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECVersion.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECError.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECException.cpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECDefs.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECException.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/resource.h
Examining data/xml-security-c-2.0.2/xsec/framework/XSECProvider.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECURIResolverXerces.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECAlgorithmMapper.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECEnv.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECURIResolver.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECError.cpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECAlgorithmHandler.hpp
Examining data/xml-security-c-2.0.2/xsec/framework/XSECW32Config.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformBase64.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoSPKIData.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGObject.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGConstants.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGSignedInfo.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoList.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransform.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoMgmtData.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformList.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformEnvelope.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGReference.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGXPathHere.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoValue.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGReferenceList.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformC14n.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoX509.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGXPathFilterExpr.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoPGPData.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoName.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformXPath.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoDEREncoded.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformXPathFilter.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformXSL.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoExt.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGSignature.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGReferenceList.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformC14n.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoX509.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGXPathFilterExpr.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoPGPData.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformXPath.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoName.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoDEREncoded.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfo.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformXPathFilter.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGSignature.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoExt.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformXSL.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGObject.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoSPKIData.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformBase64.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGConstants.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGSignedInfo.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoList.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformList.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransform.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoMgmtData.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGTransformEnvelope.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGXPathHere.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGReference.cpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoValue.hpp
Examining data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECSOAPRequestorSimple.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECAlgorithmSupport.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECPlatformUtils.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECNameSpaceExpander.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECBinTXFMInputStream.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECTXFMInputSource.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECSOAPRequestor.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECXPathNodeList.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECDOMUtils.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECSafeBufferFormatter.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECXPathNodeList.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECAutoPtr.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECDOMUtils.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECSafeBufferFormatter.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECSOAPRequestorSimple.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECAlgorithmSupport.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECPlatformUtils.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECNameSpaceExpander.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECBinTXFMInputStream.hpp
Examining data/xml-security-c-2.0.2/xsec/utils/XSECTXFMInputSource.cpp
Examining data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp
Examining data/xml-security-c-2.0.2/xsec/canon/XSECCanon.cpp
Examining data/xml-security-c-2.0.2/xsec/canon/XSECC14n20010315.cpp
Examining data/xml-security-c-2.0.2/xsec/canon/XSECXMLNSStack.hpp
Examining data/xml-security-c-2.0.2/xsec/canon/XSECC14n20010315.hpp
Examining data/xml-security-c-2.0.2/xsec/canon/XSECXMLNSStack.cpp
Examining data/xml-security-c-2.0.2/xsec/canon/XSECCanon.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoX509.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoProvider.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoKey.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoKeyRSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHash.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoProvider.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoX509.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyHMAC.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHash.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoProvider.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoX509.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoBase64.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoSymmetricKey.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoKeyHMAC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoKeyEC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyDSA.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHashHMAC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoX509.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoSymmetricKey.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyHMAC.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoProvider.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHash.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyRSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoX509.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoSymmetricKey.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyHMAC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoProvider.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHash.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyRSA.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyDSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHashHMAC.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSCrypt/XSCryptCryptoBase64.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoKeyDSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoBase64.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolver.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoX509.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLSupport.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoProvider.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLSupport.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
Examining data/xml-security-c-2.0.2/xsec/enc/XSECCryptoHash.hpp
Examining data/xml-security-c-2.0.2/xsec/samples/IOStreamOutputter.cpp
Examining data/xml-security-c-2.0.2/xsec/samples/simpleValidate.cpp
Examining data/xml-security-c-2.0.2/xsec/samples/simpleDecrypt.cpp
Examining data/xml-security-c-2.0.2/xsec/samples/simpleHMAC.cpp
Examining data/xml-security-c-2.0.2/xsec/samples/IOStreamOutputter.hpp
Examining data/xml-security-c-2.0.2/xsec/samples/simpleEncrypt.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherValueImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptionMethodImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptedKeyImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptedDataImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherDataImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherReferenceImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptedTypeImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptedDataImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherDataImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherReferenceImpl.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptedTypeImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherValueImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptionMethodImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/impl/XENCEncryptedKeyImpl.cpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCEncryptedKey.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCCipherReference.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCCipher.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCCipherValue.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCEncryptedData.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCCipherData.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCEncryptionMethod.hpp
Examining data/xml-security-c-2.0.2/xsec/xenc/XENCEncryptedType.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMDocObject.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMParser.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMURL.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMChain.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMConcatChains.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMXPathFilter.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMC14n.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMEnvelope.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMOutputFile.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMBase64.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMXPath.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMChar.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMHash.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMCipher.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMBase.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMXSL.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMSB.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMBase.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMCipher.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMXSL.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMSB.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMParser.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMDocObject.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMURL.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMChain.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMXPathFilter.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMC14n.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMConcatChains.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMOutputFile.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMEnvelope.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMBase64.hpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMXPath.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMChar.cpp
Examining data/xml-security-c-2.0.2/xsec/transformers/TXFMHash.hpp
FINAL RESULTS:
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:175:28: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
EVP_DecryptInit(mp_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:177:28: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
EVP_DecryptInit(mp_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:61:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg, inMsg);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:65:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg, XSECCryptoExceptionStrings[type]);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:79:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg, (char *) inMsg.rawBuffer());
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:93:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg, toCopy.msg);
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:438:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, path);
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:442:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, path);
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:445:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, filename);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:399:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) keyStr, argv[paramCount]);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:656:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, path);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:660:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, path);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:663:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, filename);
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1125:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, path);
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1129:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, path);
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1132:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, filename);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:196:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, m_name);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:204:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, numBuf);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:499:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, path);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:501:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(baseURI, filename);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:146:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) buffer, inStr);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:204:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) buffer, inStr);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:213:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) buffer, (char *) inStr.buffer);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:244:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) buffer, inStr);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:252:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) buffer, (char *) inStr.buffer);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:532:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *) buffer, t);
data/xml-security-c-2.0.2/xsec/utils/XSECPlatformUtils.cpp:86:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
sink->setFile(getenv("XSEC_DEBUG_FILE"));
data/xml-security-c-2.0.2/xsec/utils/XSECPlatformUtils.cpp:125:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* sink = getenv("XSEC_DEBUG_FILE");
data/xml-security-c-2.0.2/xsec/canon/XSECCanon.cpp:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&outBuffer[i], &m_buffer[m_bufferPoint], remaining);
data/xml-security-c-2.0.2/xsec/canon/XSECCanon.cpp:108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&outBuffer[i], &m_buffer[m_bufferPoint], remaining);
data/xml-security-c-2.0.2/xsec/canon/XSECCanon.cpp:115:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&outBuffer[i], &m_buffer[m_bufferPoint], bytesToGo);
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:73:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outputStr[MAXB64BUFSIZE];
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:159:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b64Str[MAXB64BUFSIZE];
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:291:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[4096];
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b64Buf[MAXB64BUFSIZE];
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:445:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[4096];
data/xml-security-c-2.0.2/xsec/dsig/DSIGSignature.cpp:767:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[4096];
data/xml-security-c-2.0.2/xsec/dsig/DSIGSignedInfo.cpp:304:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_HMACOutputLength = atoi((char *) val.rawBuffer());
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHash.cpp:155:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, m_mdValue, retLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHash.hpp:152:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_mdValue[NSS_MAX_HASH_SIZE]; // Final output
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHashHMAC.cpp:280:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, m_mdValue, retLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHashHMAC.hpp:155:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_mdValue[XSEC_MAX_HASH_SIZE]; // Final output
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHashHMAC.hpp:162:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_ipadKeyed[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoHashHMAC.hpp:163:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_opadKeyed[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyDSA.cpp:537:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyDSA.cpp:566:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyDSA.cpp:595:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyDSA.cpp:624:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyRSA.cpp:593:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[encryptSize - inLength], inBuf, inLength);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyRSA.cpp:678:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoKeyRSA.cpp:702:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoProvider.cpp:267:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rv->data, os, retLen);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoSymmetricKey.cpp:406:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char genIV[256];
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoSymmetricKey.cpp:524:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_lastBlock, usedIV, m_ivSize);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoSymmetricKey.cpp:553:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipherBuf, m_lastBlock, m_ivSize);
data/xml-security-c-2.0.2/xsec/enc/NSS/NSSCryptoSymmetricKey.hpp:292:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_lastBlock[NSS_MAX_BLOCK_SIZE];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp:189:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, m_mdValue, retLen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp:156:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp:209:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, m_mdValue, retLen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp:175:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp:318:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rb[20];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp:319:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sb[20];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp:399:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rawSigBuf[2*DSAsigCompLen];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:65:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cnt[4];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:67:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[EVP_MAX_MD_SIZE];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:95:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mask + outlen, md, len - outlen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:119:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE]; // accomodate largest hash size
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:143:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(db + emlen - flen - digestlen, from, (unsigned int) flen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:211:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padded_from + lzero, from, flen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:248:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to, db + i, mlen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:608:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(preEncryptBuf, oid, oidLen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:609:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&preEncryptBuf[oidLen], hashBuf, hashLen);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:678:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e[2048];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:681:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, inBuf, inLength);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:776:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[512];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp:778:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, plainBuf, decryptSize);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:425:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e[2048];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:428:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, inBuf, inLength);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:472:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainBuf, m_lastBlock, m_bytesInLastBlock);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:475:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_lastBlock, &plainBuf[outl + m_bytesInLastBlock - m_blockSize], m_blockSize);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:522:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainBuf, m_lastBlock, outl);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:551:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scrPlainBuf, m_lastBlock, m_bytesInLastBlock);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:590:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainBuf, scrPlainBuf, outl);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:629:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char genIV[256];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:869:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_lastBlock, usedIV, m_ivSize);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:873:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_lastBlock, usedIV, m_ivSize);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp:910:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipherBuf, m_lastBlock, m_ivSize);
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp:318:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_lastBlock[MAX_BLOCK_SIZE];
data/xml-security-c-2.0.2/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHash.cpp:147:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, m_mdValue, retLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHash.hpp:161:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_mdValue[WINCAPI_MAX_HASH_SIZE]; // Final output
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp:271:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_ipadKeyed, ipad, m_blockSize);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp:272:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_opadKeyed, opad, m_blockSize);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.cpp:406:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hash, m_mdValue, retLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp:174:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_mdValue[XSEC_MAX_HASH_SIZE]; // Final output
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp:183:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_ipadKeyed[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoHashHMAC.hpp:184:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_opadKeyed[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i, mp_P, m_PLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:247:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i, mp_Q, m_QLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:256:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i, mp_G, m_GLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i, mp_Y, m_YLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:328:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rb[20];
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:329:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sb[20];
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:539:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->mp_P, mp_P, m_PLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:547:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->mp_Q, mp_Q, m_QLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:555:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->mp_G, mp_G, m_GLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:563:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->mp_Y, mp_Y, m_YLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:636:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mp_P, i, keyLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:648:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mp_Q, i, m_QLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:660:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mp_G, i, m_GLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:672:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mp_Y, i, m_YLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:694:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:719:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:744:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyDSA.cpp:769:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:209:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i, mp_modulus, m_modulusLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:500:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->mp_exponent, mp_exponent, m_exponentLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:508:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret->mp_modulus, mp_modulus, m_modulusLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:620:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipherBuf, inBuf, inLength);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:689:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tbuf, cipherBuf, encryptSize);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mp_modulus, i, m_modulusLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:813:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoKeyRSA.cpp:837:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b64, b, bLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:278:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_lastBlock[m_bytesInLastBlock], inBuf, inLength);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:287:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainBuf, m_lastBlock, m_bytesInLastBlock);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:291:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&plainBuf[m_bytesInLastBlock], &inBuf[offset], outl - rounding);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:294:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_lastBlock, &inBuf[offset + outl - rounding], rounding);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:319:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(plainBuf, m_lastBlock, outl);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:377:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char genIV[256];
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:474:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_lastBlock, usedIV, m_ivSize);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:519:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipherBuf, m_lastBlock, m_ivSize);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:532:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m_lastBlock[m_bytesInLastBlock], inBuf, inLength);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:543:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufPtr, m_lastBlock, m_bytesInLastBlock);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:560:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_lastBlock, &inBuf[inLength - rounding], rounding);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:564:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bufPtr, inBuf, inLength - rounding);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:591:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cipherBuf, m_lastBlock, m_bytesInLastBlock);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:682:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encryptBuf, key, keyLen);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.cpp:740:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&simpleBlob[sizeof(BLOBHEADER) + sizeof(DWORD)], encryptBuf, outl);
data/xml-security-c-2.0.2/xsec/enc/WinCAPI/WinCAPICryptoSymmetricKey.hpp:333:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_lastBlock[WINCAPI_MAX_BLOCK_SIZE];
data/xml-security-c-2.0.2/xsec/enc/XSCrypt/XSCryptCryptoBase64.cpp:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[400]; // Do 400 bytes at a time
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inp, input, inputLen);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:300:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:327:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char shaOutput[22]; // SHA1 has 20 bytes of output
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:354:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&output[bytesDone], shaOutput, bytesToDo);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:439:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, &input[4], 20);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:440:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, &input[26], 20);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoX509.cpp:44:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b1, buf, len);
data/xml-security-c-2.0.2/xsec/samples/IOStreamOutputter.cpp:453:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, (char *) toWrite, (int) count);
data/xml-security-c-2.0.2/xsec/samples/simpleEncrypt.cpp:150:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[24];
data/xml-security-c-2.0.2/xsec/samples/simpleValidate.cpp:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char docToValidate [4096] = "\
data/xml-security-c-2.0.2/xsec/tools/c14n/c14n.cpp:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:381:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&octxski[2], xski, xlen);
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:271:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(unsigned char *) argv[paramCount],
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:430:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:431:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char baseURI[(PATH_MAX * 2) + 10];
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:434:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(baseURI, "file:///");
data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.cpp:480:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[1024];
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:222:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[24];
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:382:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyStr[64];
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:392:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kbuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:393:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CalculateXKMSKEK((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), kbuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:399:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
strcpy((char *) keyStr, argv[paramCount]);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:648:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:649:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char baseURI[(PATH_MAX * 2) + 10];
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:652:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(baseURI, "file:///");
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:467:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, (char *) toWrite, (int) count);
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:779:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
hmacKey->setKey((unsigned char *) argv[paramCount + 1], (unsigned int) strlen(argv[paramCount + 1]));
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:902:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(unsigned char *) argv[paramCount],
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char baseURI[(PATH_MAX * 2) + 10];
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1121:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(baseURI, "file:///");
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1167:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pBuf[1024];
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1168:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qBuf[1024];
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1169:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gBuf[1024];
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1170:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yBuf[1024];
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1191:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eBuf[1024];
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1192:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mBuf[1024];
data/xml-security-c-2.0.2/xsec/tools/threadTest/threadtest.cpp:161:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, formatTarget->getRawBuffer(), len);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numBuf[10];
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:201:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numBuf, "%d", m_counter);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:208:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_out.open(buf, ios::out | ios::binary);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:292:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1024];
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:382:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
refNum = atoi(argv[paramCount++]);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:494:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:495:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char baseURI[(PATH_MAX * 2) + 10];
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:498:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(baseURI, "file:///");
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:246:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * f = fopen(infile, "r");
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:251:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:517:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lr->setResponseLimit(atoi(argv[paramCount]));
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:800:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
vr->setResponseLimit(atoi(argv[paramCount]));
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1156:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rciBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1157:80: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int len = CalculateXKMSRevocationCodeIdentifierEncoding2((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1181:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1182:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1578:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rciBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1579:80: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int len = CalculateXKMSRevocationCodeIdentifierEncoding1((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1602:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1603:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1982:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1983:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:2404:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:2405:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3207:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keyBuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:143:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char createdDocRefs [9][20] = {
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:165:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char longShaRefs [4][64] = {
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mbuf, formatTarget->getRawBuffer(), len);
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:904:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:1364:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:1458:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mbuf, formatTarget->getRawBuffer(), len);
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:2315:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char randomBuffer[256];
data/xml-security-c-2.0.2/xsec/transformers/TXFMBase64.cpp:114:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&toFill[ret], m_outputBuffer, fill);
data/xml-security-c-2.0.2/xsec/transformers/TXFMBase64.hpp:66:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_outputBuffer[2050]; // Always keep 2K of data
data/xml-security-c-2.0.2/xsec/transformers/TXFMBase64.hpp:67:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_inputBuffer[1026]; // Always read 1026 bytes (encoding grows)
data/xml-security-c-2.0.2/xsec/transformers/TXFMChar.cpp:106:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) toFill, &(buf[sbs - toOutput]), toOutput);
data/xml-security-c-2.0.2/xsec/transformers/TXFMChar.cpp:114:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) toFill, &(buf[sbs - toOutput]), maxToFill);
data/xml-security-c-2.0.2/xsec/transformers/TXFMCipher.cpp:126:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&toFill[ret], m_outputBuffer, fill);
data/xml-security-c-2.0.2/xsec/transformers/TXFMCipher.hpp:83:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_inputBuffer[2050];
data/xml-security-c-2.0.2/xsec/transformers/TXFMCipher.hpp:84:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char m_outputBuffer[3072]; // Always keep 2K of data
data/xml-security-c-2.0.2/xsec/transformers/TXFMHash.cpp:100:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[1024];
data/xml-security-c-2.0.2/xsec/transformers/TXFMHash.cpp:125:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) toFill, &md_value[md_len - toOutput], toOutput);
data/xml-security-c-2.0.2/xsec/transformers/TXFMHash.cpp:135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) toFill, &md_value[md_len - toOutput], maxToFill);
data/xml-security-c-2.0.2/xsec/transformers/TXFMOutputFile.cpp:67:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(fileName, ios::binary|ios::out|ios::app);
data/xml-security-c-2.0.2/xsec/transformers/TXFMSB.cpp:121:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) toFill, &(sb.rawBuffer()[sbs - toOutput]), toOutput);
data/xml-security-c-2.0.2/xsec/transformers/TXFMSB.cpp:131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) toFill, &(sb.rawBuffer()[sbs - toOutput]), maxToFill);
data/xml-security-c-2.0.2/xsec/transformers/TXFMXSL.cpp:144:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[512];
data/xml-security-c-2.0.2/xsec/utils/XSECDOMUtils.cpp:355:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charSizes[2050];
data/xml-security-c-2.0.2/xsec/utils/XSECDOMUtils.cpp:410:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outputBuf[2050];
data/xml-security-c-2.0.2/xsec/utils/XSECDOMUtils.cpp:791:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[128];
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuffer, buffer, bufferSize);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, other.buffer, bufferSize);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:269:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, inBuf, n);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:277:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[offset], inBuf, n);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:296:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[offset], inStr, il);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:310:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outBuf, buffer, n);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:463:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, cpy.buffer, bufferSize);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:484:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inBuf[2048];
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:490:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[offset], inBuf, bytesRead);
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &sa.sin_addr,
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inBuffer[4000];
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:266:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int httpResponse = atoi(p);
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:270:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redirectBuf[256];
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:335:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
responseLength = atoi(p);
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &sa.sin_addr,
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:237:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inBuffer[4000];
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:307:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int httpResponse = atoi(p);
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:313:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redirectBuf[256];
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:374:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
responseLength = atoi(p);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:244:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aesBuf, buf, 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:246:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aesBuf[8], &buf[8* i], 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:262:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, aesOutBuf, 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:264:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[8 * i], &aesOutBuf[8], 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:287:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, s_AES_IV, 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:320:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aesBuf, buf, 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:322:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&aesBuf[8], &buf[8 * i], 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:336:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, aesOutBuf, 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:340:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[8 * i], &aesOutBuf[8], 8);
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCCipherImpl.cpp:724:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rawKey, sb.rawBuffer(), keySize);
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverResultImpl.cpp:242:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kbuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverResultImpl.cpp:327:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kbuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterResultImpl.cpp:242:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kbuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterResultImpl.cpp:328:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kbuf[XSEC_MAX_HASH_SIZE];
data/xml-security-c-2.0.2/xsec/canon/XSECC14n20010315.cpp:236:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nsBuf = new char [strlen(xmlnsList) + 1];
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:88:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outputLen = b64->decode((unsigned char *) b64Str, (unsigned int) strlen((char *) b64Str), outputStr, MAXB64BUFSIZE);
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:399:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(b64Buf, (char *) b64SB.rawBuffer(), MAXB64BUFSIZE);
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:410:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (unsigned int) strlen(b64Buf);
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:461:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int) strlen(sig));
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:472:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int) strlen(sig),
data/xml-security-c-2.0.2/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp:484:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int) strlen(sig));
data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoX509.cpp:159:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cryptoX509->loadX509Base64Bin(charX509.get(), (int) strlen(charX509.get()));
data/xml-security-c-2.0.2/xsec/dsig/DSIGKeyInfoX509.cpp:648:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h->mp_cryptoX509->loadX509Base64Bin(charX509.get(), (unsigned int) strlen(charX509.get()));
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:60:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = new char[strlen(inMsg) + 1];
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:64:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = new char[strlen(XSECCryptoExceptionStrings[type]) + 1];
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:78:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = new char[strlen((char *) inMsg.rawBuffer()) + 1];
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoException.cpp:92:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg = new char[strlen(toCopy.msg) + 1];
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:248:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ret = (int)strlen(utf8output);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:406:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int j = b64->decode((unsigned char *) tinput.get(), (unsigned int) strlen(tinput.get()), output, maxOutputLen - 1);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoUtils.cpp:418:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int j = b64->decode((unsigned char *) input, (unsigned int) strlen(input), output, maxOutputLen - 1);
data/xml-security-c-2.0.2/xsec/enc/XSECCryptoX509.cpp:61:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("-----BEGIN CERTIFICATE-----");
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:92:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x509->loadX509Base64Bin(transX509.rawCharBuffer(), (unsigned int) strlen(transX509.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:115:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsa->loadPBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:119:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsa->loadQBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:123:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsa->loadGBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:127:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsa->loadYBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:149:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rsa->loadPublicModulusBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:151:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rsa->loadPublicExponentBase64BigNums(value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:175:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ec->loadPublicKeyBase64(curve.get(), value.rawCharBuffer(), (unsigned int) strlen(value.rawCharBuffer()));
data/xml-security-c-2.0.2/xsec/enc/XSECKeyInfoResolverDefault.cpp:193:119: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XSECCryptoKey* key = XSECPlatformUtils::g_cryptoProvider->keyDER(value.rawCharBuffer(), (unsigned int)strlen(value.rawCharBuffer()), true);
data/xml-security-c-2.0.2/xsec/samples/simpleDecrypt.cpp:135:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MemBufInputSource* memIS = new MemBufInputSource ((const XMLByte*) letter, (unsigned int) strlen(letter), "XSECMem");
data/xml-security-c-2.0.2/xsec/samples/simpleEncrypt.cpp:166:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x509->loadX509Base64Bin(cert, (unsigned int) strlen(cert));
data/xml-security-c-2.0.2/xsec/samples/simpleHMAC.cpp:150:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmacKey->setKey((unsigned char *) "secret", (unsigned int) strlen("secret"));
data/xml-security-c-2.0.2/xsec/samples/simpleValidate.cpp:135:99: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MemBufInputSource* memIS = new MemBufInputSource ((const XMLByte*) docToValidate, (unsigned int) strlen(docToValidate), "XSECMem");
data/xml-security-c-2.0.2/xsec/samples/simpleValidate.cpp:177:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x509->loadX509Base64Bin(cert, (unsigned int) strlen(cert));
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:82:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = 0; i < (int) strlen(path.rawCharBuffer()); ++i) {
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:198:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * name = new char[strlen(n)];
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:199:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * value = new char[strlen(n)];
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:350:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int clen = (int) strlen(cski);
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:552:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char * x509buf = new unsigned char[strlen(transb64cert)];
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:560:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x509bufLen = b64.decode((unsigned char *) transb64cert, (unsigned int) strlen(transb64cert), x509buf, (unsigned int) strlen(transb64cert));
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:560:126: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x509bufLen = b64.decode((unsigned char *) transb64cert, (unsigned int) strlen(transb64cert), x509buf, (unsigned int) strlen(transb64cert));
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:561:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x509bufLen += b64.decodeFinish(&x509buf[x509bufLen], (unsigned int) strlen(transb64cert) - x509bufLen);
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:580:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char * crlbuf = new unsigned char[strlen(transb64crl)];
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:588:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crlbufLen = b64.decode((unsigned char*) transb64crl, (unsigned int) strlen(transb64crl), crlbuf, (unsigned int) strlen(transb64crl));
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:588:121: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crlbufLen = b64.decode((unsigned char*) transb64crl, (unsigned int) strlen(transb64crl), crlbuf, (unsigned int) strlen(transb64crl));
data/xml-security-c-2.0.2/xsec/tools/checksig/InteropResolver.cpp:589:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crlbufLen += b64.decodeFinish(&crlbuf[crlbufLen], (unsigned int) strlen(transb64crl) - crlbufLen);
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:272:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(DWORD) strlen(argv[paramCount]),
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:428:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:428:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:439:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(baseURI, "/");
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:449:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 8; i < strlen(baseURI); ++i) {
data/xml-security-c-2.0.2/xsec/tools/checksig/checksig.cpp:490:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmacKey->setKey((unsigned char *) hmacKeyStr, (unsigned int) strlen(hmacKeyStr));
data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.cpp:276:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = 0; i < (int) strlen(path.rawCharBuffer()); ++i) {
data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.cpp:348:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k->setKey((unsigned char *) s_bobKey, (unsigned int) strlen(s_bobKey));
data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.cpp:359:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k->setKey((unsigned char *) s_jobKey, (unsigned int) strlen(s_jobKey));
data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.cpp:370:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k->setKey((unsigned char *) s_jebKey, (unsigned int) strlen(s_jebKey));
data/xml-security-c-2.0.2/xsec/tools/cipher/XencInteropResolver.cpp:381:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k->setKey((unsigned char *) s_jedKey, (unsigned int) strlen(s_jedKey));
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:346:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(argv[paramCount]) == 6) {
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:359:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(argv[paramCount]) == 6) {
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:372:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(argv[paramCount]) == 6) {
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:383:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[paramCount]) > 64) {
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:393:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CalculateXKMSKEK((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), kbuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:646:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:646:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:657:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(baseURI, "/");
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:667:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 8; i < strlen(baseURI); ++i) {
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:710:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read > 0) {
data/xml-security-c-2.0.2/xsec/tools/cipher/cipher.cpp:711:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
formatTarget->writeChars(buf, read, NULL);
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:779:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmacKey->setKey((unsigned char *) argv[paramCount + 1], (unsigned int) strlen(argv[paramCount + 1]));
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:903:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(DWORD) strlen(argv[paramCount]),
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1115:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1115:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1126:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(baseURI, "/");
data/xml-security-c-2.0.2/xsec/tools/templatesign/templatesign.cpp:1136:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 8; i < strlen(baseURI); ++i) {
data/xml-security-c-2.0.2/xsec/tools/threadTest/threadtest.cpp:269:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmacKey->setKey((unsigned char *) "secret", (unsigned int) strlen("secret"));
data/xml-security-c-2.0.2/xsec/tools/threadTest/threadtest.cpp:351:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int) strlen(buf),
data/xml-security-c-2.0.2/xsec/tools/threadTest/threadtest.cpp:384:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmacKey->setKey((unsigned char *) secretKey, (unsigned int) strlen(secretKey));
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:195:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * buf = new char[strlen(m_name) + 10];
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:203:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, ".");
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:492:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:492:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *baseURI = (char*)malloc(strlen(path) + 8 + 1 + strlen(filename) + 1);
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:500:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(baseURI, "/");
data/xml-security-c-2.0.2/xsec/tools/txfmout/txfmout.cpp:505:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i = 8; i < strlen(baseURI); ++i) {
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1157:112: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = CalculateXKMSRevocationCodeIdentifierEncoding2((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1182:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1579:112: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = CalculateXKMSRevocationCodeIdentifierEncoding1((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), rciBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1603:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:1983:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:2405:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = CalculateXKMSAuthenticationKey((unsigned char *) argv[paramCount], (int) strlen(argv[paramCount]), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3208:92: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = CalculateXKMSAuthenticationKey((unsigned char *) g_authPassPhrase, (int) strlen(g_authPassPhrase), keyBuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3379:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3380:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3381:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3383:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3384:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3387:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3388:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3389:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3500:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3501:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3502:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3505:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3506:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3509:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3510:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
data/xml-security-c-2.0.2/xsec/tools/xklient/xklient.cpp:3511:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:379:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hmacKey->setKey((unsigned char *) str, (unsigned int) strlen((char *)str));
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:1967:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
toEncryptStr, (unsigned int) strlen((char *) toEncryptStr), algorithm, mgf, oaepParams, oaepParamsLen
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:1981:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(decBuf, toEncryptStr, strlen((char *) toEncryptStr)) == 0) {
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:2000:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(decBuf, toEncryptStr, strlen((char *) toEncryptStr)) == 0) {
data/xml-security-c-2.0.2/xsec/tools/xtest/xtest.cpp:2059:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_tstOAEPparams, (unsigned int) strlen((char *) s_tstOAEPparams));
data/xml-security-c-2.0.2/xsec/transformers/TXFMChar.cpp:61:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
toOutput = in ? strlen(in) : 0;
data/xml-security-c-2.0.2/xsec/transformers/TXFMXSL.cpp:160:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::istrstream theXMLStream((char *) sbInDoc.rawBuffer(), (int) strlen((char *) sbInDoc.rawBuffer()));
data/xml-security-c-2.0.2/xsec/transformers/TXFMXSL.cpp:161:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::istrstream theXSLStream((char *) sbStyleSheet.rawBuffer(), (int) strlen((char *) sbStyleSheet.rawBuffer()));
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:142:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferSize = ((XMLSize_t) strlen(inStr) > initialSize ? (XMLSize_t) (strlen(inStr) * 2) : initialSize);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:142:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferSize = ((XMLSize_t) strlen(inStr) > initialSize ? (XMLSize_t) (strlen(inStr) * 2) : initialSize);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:203:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checkAndExpand((XMLSize_t) strlen(inStr));
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:212:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checkAndExpand((XMLSize_t) strlen((char *) inStr.buffer));
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:220:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t len = (XMLSize_t) strlen(inStr);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:222:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) buffer, inStr, n);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:232:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *) buffer, (char *) inStr.buffer, n);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:243:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checkAndExpand((XMLSize_t) (strlen((char *) buffer) + strlen(inStr) + 1));
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:243:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checkAndExpand((XMLSize_t) (strlen((char *) buffer) + strlen(inStr) + 1));
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:251:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checkAndExpand((XMLSize_t) (strlen((char *) buffer) + strlen((char *) inStr.buffer) + 2));
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:251:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
checkAndExpand((XMLSize_t) (strlen((char *) buffer) + strlen((char *) inStr.buffer) + 2));
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:258:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t len = (XMLSize_t) strlen(inStr);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:259:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t totalLen = ((n < len) ? n : len) + (XMLSize_t)strlen((char *)buffer);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:261:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat((char *) buffer, inStr, n);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:285:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t bl = (XMLSize_t) strlen((char *) buffer);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:286:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t il = (XMLSize_t) strlen((char *) inStr);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:350:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t bl = (XMLSize_t) strlen((char *) buffer);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:378:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t bl = strlen((char *) buffer);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:409:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t i, l = (XMLSize_t) strlen((char *) buffer);
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:530:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XMLSize_t len = (XMLSize_t) strlen(t) + 1;
data/xml-security-c-2.0.2/xsec/utils/XSECSafeBuffer.cpp:630:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (XMLSize_t) (strlen ((char *) buffer));
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:181:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outBuffer << "Content-Length: " << strlen(content) << "\r\n"
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:205:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
aLent = read(s, (void *)inBuffer, sizeof(inBuffer)-1);
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:237:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
aLent = read(s,
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:315:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) < 256)
data/xml-security-c-2.0.2/xsec/utils/unixutils/XSECSOAPRequestorSimpleUnix.cpp:343:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
aLent = read(s, (void *)inBuffer, sizeof(inBuffer)-1);
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:203:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outBuffer << "Content-Length: " << strlen(content) << "\r\n"
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:221:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lent = strlen(content);
data/xml-security-c-2.0.2/xsec/utils/winutils/XSECSOAPRequestorSimpleWin32.cpp:355:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) < 256)
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:725:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int bufLen = (unsigned int) strlen(oaepParamsStr.get());
data/xml-security-c-2.0.2/xsec/xenc/impl/XENCAlgorithmHandlerDefault.cpp:927:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int bufLen = (unsigned int) strlen(oaepParamsStr.get());
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverResultImpl.cpp:243:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = CalculateXKMSKEK((unsigned char *) passPhrase, (int) strlen(passPhrase), kbuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRecoverResultImpl.cpp:328:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = CalculateXKMSKEK((unsigned char *) passPhrase, (int) strlen(passPhrase), kbuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterResultImpl.cpp:243:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = CalculateXKMSKEK((unsigned char *) passPhrase, (int) strlen(passPhrase), kbuf, XSEC_MAX_HASH_SIZE);
data/xml-security-c-2.0.2/xsec/xkms/impl/XKMSRegisterResultImpl.cpp:329:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned int len = CalculateXKMSKEK((unsigned char *) passPhrase, (int) strlen(passPhrase), kbuf, XSEC_MAX_HASH_SIZE);
ANALYSIS SUMMARY:
Hits = 408
Lines analyzed = 101322 in approximately 2.17 seconds (46659 lines/second)
Physical Source Lines of Code (SLOC) = 45767
Hits@level = [0] 6 [1] 146 [2] 234 [3] 2 [4] 26 [5] 0
Hits@level+ = [0+] 414 [1+] 408 [2+] 262 [3+] 28 [4+] 26 [5+] 0
Hits/KSLOC@level+ = [0+] 9.04582 [1+] 8.91472 [2+] 5.72465 [3+] 0.611795 [4+] 0.568095 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.