Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/android-platform-external-boringssl-10.0.0+r36/crypto_test_data.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/err_data.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/abi_self_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_bitstr.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_bool.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_d2i_fp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_dup.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_enum.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_gentm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_i2d_fp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_int.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_mbstr.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_object.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_octet.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_print.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_strnid.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_time.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_type.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_utctm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_utf8.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/asn1_lib.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/asn1_locl.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/asn1_par.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/asn1_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/asn_pack.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/f_enum.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/f_int.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/f_string.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/tasn_dec.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/tasn_enc.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/tasn_fre.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/tasn_new.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/tasn_typ.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/tasn_utl.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/time_support.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio_mem.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/connect.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/fd.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/file.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/hexdump.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/pair.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/printf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/socket.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/socket_helper.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bn_extra/bn_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bn_extra/convert.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/buf/buf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/buf/buf_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/asn1_compat.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/ber.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/bytestring_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/cbb.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/cbs.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/unicode.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/chacha/chacha.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/chacha/chacha_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/chacha/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/aead_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_extra.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/derive_key.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_aesccm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_aesctrhmac.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_aesgcmsiv.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_chacha20poly1305.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_null.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_rc2.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_rc4.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_tls.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/tls_cbc.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cmac/cmac.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cmac/cmac_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/compiler_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/conf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/conf_def.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/constant_time_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-aarch64-fuchsia.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-aarch64-linux.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm-linux.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm-linux.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm-linux_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-intel.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-ppc64le.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/crypto.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/curve25519/ed25519_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/curve25519/spake25519.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/curve25519/spake25519_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/curve25519/x25519_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dh/check.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dh/dh.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dh/dh_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dh/dh_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dh/params.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_extra.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dsa/dsa.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dsa/dsa_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dsa/dsa_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/ec_extra/ec_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/ecdh_extra/ecdh_extra.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/ecdh_extra/ecdh_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/ecdsa_extra/ecdsa_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/engine/engine.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/digestsign.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp_ctx.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp_extra_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/p_dsa_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/p_ec.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/p_ec_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/p_ed25519.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/p_ed25519_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/p_rsa.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/p_rsa_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/pbkdf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/pbkdf_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/print.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/scrypt.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/scrypt_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/sign.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/ex_data.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/aes/aes.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/aes/aes_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/aes/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/aes/key_wrap.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/aes/mode_wrappers.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bcm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/add.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/asm/x86_64-gcc.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bytes.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/cmp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/ctx.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/div.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/div_extra.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/exponentiation.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/gcd.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/gcd_extra.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/generic.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/jacobi.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/montgomery.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/montgomery_inv.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/mul.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/prime.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/random.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/rsaz_exp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/rsaz_exp.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/shift.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/sqrt.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/aead.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/cipher.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/e_aes.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/e_des.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/delocate.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/des/des.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/des/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/digest/digest.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/digest/digests.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/digest/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/digest/md32_common.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/ec.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/ec_key.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/ec_montgomery.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/ec_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/felem.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/oct.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p224-64.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p256-x86_64-table.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p256-x86_64.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p256-x86_64.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p256-x86_64_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/scalar.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/simple.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/simple_mul.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/util.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/wnaf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ecdh/ecdh.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ecdsa/ecdsa.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ecdsa/ecdsa_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/hmac/hmac.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/is_fips.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/md4/md4.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/md5/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/md5/md5.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/md5/md5_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/cbc.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/ccm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/cfb.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/ctr.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/gcm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/gcm_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/ofb.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/polyval.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/ctrdrbg.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/ctrdrbg_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/rand.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/urandom.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rsa/blinding.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rsa/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rsa/padding.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rsa/rsa.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rsa/rsa_impl.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/self_check/self_check.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/sha/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/sha/sha1-altivec.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/sha/sha1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/sha/sha256.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/sha/sha512.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/sha/sha_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/tls/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/tls/kdf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hkdf/hkdf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hkdf/hkdf_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hmac_extra/hmac_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/impl_dispatch_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/lhash/lhash.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/lhash/lhash_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/mem.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj_dat.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj_xref.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_all.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_info.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_oth.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_pk8.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_pkey.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_x509.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_xaux.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs7/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs7/pkcs7.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs7/pkcs7_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs7/pkcs7_x509.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/p5_pbev2.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs12_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8_x509.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/poly1305/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/poly1305/poly1305.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/poly1305/poly1305_arm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/poly1305/poly1305_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/poly1305/poly1305_vec.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pool/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pool/pool.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pool/pool_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rand_extra/deterministic.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rand_extra/forkunsafe.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rand_extra/fuchsia.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rand_extra/rand_extra.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rand_extra/rand_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rand_extra/windows.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rc4/rc4.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/refcount_c11.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/refcount_lock.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/refcount_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rsa_extra/rsa_asn1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rsa_extra/rsa_print.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rsa_extra/rsa_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/self_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/stack/stack.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/stack/stack_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test_gtest.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/gtest_main.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/gtest_main.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/malloc.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/test_util.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/test_util.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/wycheproof_util.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/wycheproof_util.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/thread.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/thread_none.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/thread_pthread.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/thread_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/thread_win.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_digest.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_sign.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_strex.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_verify.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/algorithm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/asn1_gen.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/by_dir.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/by_file.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/charmap.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/i2d_pr.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/rsa_pss.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_crl.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_req.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_x509.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_x509a.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/vpm_int.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_att.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_cmp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_d2.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_def.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_ext.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_lu.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_obj.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_r2x.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_req.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_set.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_time_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_trs.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_txt.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_v3.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_vfy.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_vpm.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509cset.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509name.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509rset.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509spki.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_algor.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_all.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_attrib.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_crl.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_exten.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_info.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_name.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_pkey.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_pubkey.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_req.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_sig.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_spki.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_val.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_x509.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x_x509a.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/ext_dat.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/pcy_cache.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/pcy_data.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/pcy_int.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/pcy_lib.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/pcy_map.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/pcy_node.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/pcy_tree.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/tab_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_akey.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_akeya.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_alt.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_bcons.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_bitst.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_conf.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_cpols.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_crld.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_enum.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_extku.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_genn.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_ia5.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_info.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_int.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_lib.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_ncons.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_ocsp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pci.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pcia.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pcons.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pku.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pmaps.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_prn.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_purp.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_skey.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_sxnet.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3name_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/bio/base64_bio.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/blowfish/blowfish.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/blowfish/blowfish_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/cast/cast.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/cast/cast_tables.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/cast/cast_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/cast/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/cfb/cfb.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/cfb/cfb_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/des/cfb64ede.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/dh/dh_decrepit.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/dsa/dsa_decrepit.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/evp/dss1.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/evp/evp_do_all.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/macros.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/obj/obj_decrepit.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/rc4/rc4_decrepit.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ripemd/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ripemd/ripemd.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ripemd/ripemd_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/rsa/rsa_decrepit.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ssl/ssl_decrepit.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/x509/x509_decrepit.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/xts/xts.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_aes_gcm_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_aes_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_ctr_drbg_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_ecdsa2_keypair_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_ecdsa2_pkv_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_ecdsa2_siggen_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_ecdsa2_sigver_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_hmac_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_kas_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_keywrap_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_main.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_rsa2_keygen_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_rsa2_siggen_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_rsa2_sigver_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_sha_monte_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_sha_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_tdes_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_test_util.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_test_util.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_tlskdf_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/test_fips.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/aead.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/aes.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/arm_arch.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/asn1.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/asn1_mac.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/asn1t.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/base.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/base64.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/bio.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/blowfish.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/bn.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/buf.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/buffer.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/bytestring.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cast.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/chacha.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cipher.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cmac.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/conf.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cpu.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/crypto.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/curve25519.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/des.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/dh.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/digest.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/dsa.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/dtls1.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/e_os2.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ec.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ec_key.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ecdh.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ecdsa.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/engine.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/err.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/evp.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ex_data.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/hkdf.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/hmac.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/hrss.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/is_boringssl.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/lhash.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/md4.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/md5.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/mem.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/nid.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/obj.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/obj_mac.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/objects.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/opensslconf.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/opensslv.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ossl_typ.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/pem.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/pkcs12.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/pkcs7.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/pkcs8.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/poly1305.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/pool.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/rand.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/rc4.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ripemd.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/rsa.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/safestack.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/sha.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/span.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/srtp.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ssl.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ssl3.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/stack.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/thread.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/tls1.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/type_check.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/x509.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/x509_vfy.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/x509v3.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/bio_ssl.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/d1_both.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/d1_lib.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/d1_pkt.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/d1_srtp.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/dtls_method.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/dtls_record.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handoff.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handshake.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handshake_client.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handshake_server.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/s3_both.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/s3_lib.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/s3_pkt.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/span_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_aead_ctx.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_asn1.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_buffer.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_cert.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_cipher.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_file.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_key_share.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_lib.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_privkey.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_session.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_stat.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_transcript.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_versions.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_x509.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_enc.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/async_bio.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/async_bio.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/bssl_shim.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/fuzzer.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/fuzzer_tags.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshaker.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/packeted_bio.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/packeted_bio.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/runner/curve25519/const_amd64.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/settings_writer.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/settings_writer.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_state.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_state.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_both.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_client.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_server.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls_method.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls_record.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519_32.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519_64.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519_tables.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/p256.c
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/p256_32.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/p256_64.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/args.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/ciphers.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/client.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/const.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/digest.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/file.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/generate_ed25519.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/genrsa.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/internal.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/pkcs12.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/rand.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/server.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/sign.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/speed.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/tool.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.h
Examining data/android-platform-external-boringssl-10.0.0+r36/src/util/ar/testdata/sample/bar.cc
Examining data/android-platform-external-boringssl-10.0.0+r36/src/util/ar/testdata/sample/foo.c
FINAL RESULTS:
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio.c:674:29: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
int (*gets)(BIO *, char *, int)) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio.c:675:19: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
method->bgets = gets;
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/bio.h:662:44: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
int (*gets)(BIO *, char *, int));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/printf.c:72:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
out_len = vsnprintf(buf, sizeof(buf), format, args);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/printf.c:102:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
out_len = vsnprintf(out, requested_len + 1, format, args);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_extra.c:75:14: [4] (crypto) EVP_rc2_40_cbc:
These keysizes are too small given today's computers (CWE-327). Use a
different patent-free encryption algorithm with a larger keysize, such as
3DES or AES.
return EVP_rc2_40_cbc();
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_extra.c:79:14: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_cbc();
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_extra.c:95:12: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_cbc();
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_extra.c:133:12: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_ecb();
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_test.cc:75:12: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_cbc();
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_test.cc:77:12: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_ecb();
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/e_rc2.c:442:19: [4] (crypto) EVP_rc2_40_cbc:
These keysizes are too small given today's computers (CWE-327). Use a
different patent-free encryption algorithm with a larger keysize, such as
3DES or AES.
const EVP_CIPHER *EVP_rc2_40_cbc(void) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-intel.c:128:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (!sscanf(in + invert, "%" PRIu64, &v)) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/e_des.c:91:36: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_cbc) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/e_des.c:118:36: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
DEFINE_METHOD_FUNCTION(EVP_CIPHER, EVP_des_ecb) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:530:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BN_HEX_FMT2, p.s.v[i]);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:537:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(BN_HEX_FMT2, p.a.v[i]);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/mem.c:268:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return vsnprintf(buf, n, format, args);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:194:16: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_cbc();
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8.c:287:9: [4] (crypto) EVP_rc2_40_cbc:
These keysizes are too small given today's computers (CWE-327). Use a
different patent-free encryption algorithm with a larger keysize, such as
3DES or AES.
EVP_rc2_40_cbc,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test.cc:234:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, args);
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/evp/evp_do_all.c:37:12: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
callback(EVP_des_cbc(), "DES-CBC", NULL, arg);
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/evp/evp_do_all.c:38:12: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
callback(EVP_des_ecb(), "DES-ECB", NULL, arg);
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/evp/evp_do_all.c:61:12: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
callback(EVP_des_cbc(), "des-cbc", NULL, arg);
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/evp/evp_do_all.c:62:12: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
callback(EVP_des_ecb(), "des-ecb", NULL, arg);
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ripemd/ripemd_test.cc:112:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, u8"Digest incorrect for “million a's” test: ");
data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_test_util.cc:36:12: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_cbc();
data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_test_util.cc:38:12: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
return EVP_des_ecb();
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cipher.h:77:34: [4] (crypto) EVP_des_cbc:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_cbc(void);
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cipher.h:78:34: [4] (crypto) EVP_des_ecb:
DES only supports a 56-bit keysize, which is too small given today's
computers (CWE-327). Use a different patent-free encryption algorithm with
a larger keysize, such as 3DES or AES.
OPENSSL_EXPORT const EVP_CIPHER *EVP_des_ecb(void);
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cipher.h:106:19: [4] (crypto) EVP_rc2_40_cbc:
These keysizes are too small given today's computers (CWE-327). Use a
different patent-free encryption algorithm with a larger keysize, such as
3DES or AES.
const EVP_CIPHER *EVP_rc2_40_cbc(void);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-intel.c:225:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env1 = getenv("OPENSSL_ia32cap");
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1709:51: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bssl::UniquePtr<BIGNUM> power_of_two(BN_new()), random(BN_new()),
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1712:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ASSERT_TRUE(random);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1730:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BN_rand(random.get(), len, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1733:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
EXPECT_FALSE(BN_is_pow2(random.get()));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1737:34: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BN_mod(expected.get(), random.get(), power_of_two.get(), ctx()));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1738:45: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ASSERT_TRUE(BN_mod_pow2(actual.get(), random.get(), e));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1744:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BN_nnmod(expected.get(), random.get(), power_of_two.get(), ctx()));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1745:47: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ASSERT_TRUE(BN_nnmod_pow2(actual.get(), random.get(), e));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1750:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BN_set_negative(random.get(), 1);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1752:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
BN_nnmod(expected.get(), random.get(), power_of_two.get(), ctx()));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/bn/bn_test.cc:1753:47: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ASSERT_TRUE(BN_nnmod_pow2(actual.get(), random.get(), e));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/malloc.cc:83:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *env = getenv("MALLOC_NUMBER_TO_FAIL");
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/malloc.cc:93:30: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
break_on_fail = (NULL != getenv("MALLOC_BREAK_ON_FAIL"));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/by_dir.c:128:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dir = (char *)getenv(X509_get_default_cert_dir_env());
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/by_file.c:96:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
file = getenv(X509_get_default_cert_file_env());
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ssl.h:3603:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
const uint8_t *random;
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handshake_server.cc:567:55: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
OPENSSL_memcpy(ssl->s3->client_random, client_hello.random,
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/s3_both.cc:407:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint8_t random[SSL3_RANDOM_SIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/s3_both.cc:408:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
OPENSSL_memset(random, 0, SSL3_RANDOM_SIZE);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/s3_both.cc:430:35: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
!CBB_add_bytes(&hello_body, random, SSL3_RANDOM_SIZE) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc:209:21: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
CBS client_hello, random, session_id;
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc:212:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
!CBS_get_bytes(&client_hello, &random, SSL3_RANDOM_SIZE) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc:218:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
out->random = CBS_data(&random);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc:219:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
out->random_len = CBS_len(&random);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/fuzzer.h:271:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
: debug_(getenv("BORINGSSL_FUZZER_DEBUG") != nullptr),
data/android-platform-external-boringssl-10.0.0+r36/src/tool/client.cc:355:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *keylog_file = getenv("SSLKEYLOGFILE");
data/android-platform-external-boringssl-10.0.0+r36/src/tool/server.cc:220:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *keylog_file = getenv("SSLKEYLOGFILE");
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_enum.c:77:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(long) + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_int.c:314:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->data, &v, sizeof(v));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_mbstr.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[32];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_object.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80], *p = buf;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/f_enum.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/f_int.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/f_string.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio_test.cc:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DECIMAL_SIZE(int) + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio_test.cc:100:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[80];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio_test.cc:123:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(kTestMessage)];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/connect.c:533:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DECIMAL_SIZE(int) + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/file.c:97:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, mode);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/file.c:184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p[4];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/file.c:226:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(ptr, p);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/hexdump.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char right_chars[18]; // the contents of the right-hand side, ASCII dump.
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/hexdump.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/hexdump.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/printf.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *out, out_malloced = 0;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/cbs.c:582:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DECIMAL_SIZE(uint64_t) + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/aead_test.cc:34:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[40];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/aead_test.cc:253:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out.data() + in.size() - extra_in_size, out_tag.data(),
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/aead_test.cc:704:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size_t tag_size = static_cast<size_t>(atoi(tag_size_str.c_str()));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/aead_test.cc:769:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(key_size_str.c_str())) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/aead_test.cc:790:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(key_size_str.c_str())) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cipher_extra/cipher_test.cc:318:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(key_size.c_str())) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cmac/cmac_test.cc:137:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch (atoi(key_size.c_str())) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cmac/cmac_test.cc:155:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size_t tag_len = static_cast<size_t>(atoi(tag_size.c_str())) / 8;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cmac/cmac_test.cc:211:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(m_len.c_str()) == 0) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cmac/cmac_test.cc:214:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
EXPECT_EQ(static_cast<size_t>(atoi(m_len.c_str())), msg.size());
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cmac/cmac_test.cc:217:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size_t tag_len = static_cast<size_t>(atoi(t_len.c_str()));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/compiler_test.cc:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chars[256];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/conf.c:530:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char btmp[DECIMAL_SIZE(eline) + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm-linux.c:39:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = open(path, flags);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_test.cc:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest_hex[2*EVP_MAX_MD_SIZE + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dsa/dsa.c:201:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seed[SHA256_DIGEST_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dsa/dsa.c:202:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[SHA256_DIGEST_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/dsa/dsa.c:203:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/ecdh_extra/ecdh_test.cc:287:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[64];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:372:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[ERR_ERROR_STRING_BUF_LEN];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lib_buf[64], reason_buf[64];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:496:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const kLibraryNames[ERR_NUM_LIBS] = {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:582:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ERR_ERROR_STRING_BUF_LEN];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:583:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[1024];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err_test.cc:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp_test.cc:203:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ctx, atoi(t->GetAttributeOrDie("PSSSaltLength").c_str()))) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp_test.cc:387:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(t->GetAttributeOrDie("VerifyPSSSaltLength").c_str()))) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/evp_test.cc:476:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pss_salt_len = atoi(s_len.c_str());
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/aes/aes_test.cc:146:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ASSERT_EQ(static_cast<unsigned>(atoi(key_size.c_str())), key.size() * 8);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/aead.c:192:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (ctx->aead->open) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/aead.c:193:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, in,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/cipher/internal.h:92:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p256-x86_64_test.cc:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2 * BN_BYTES + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p256-x86_64_test.cc:202:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *expected_expr, const char *actual_expr,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/ec/p256-x86_64_test.cc:202:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *expected_expr, const char *actual_expr,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/cfb.c:190:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/cfb.c:190:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/cfb.c:192:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ivec[16], unsigned *num, int enc,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/gcm_test.cc:182:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gcm.gcm_key.H, kH, sizeof(kH));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/gcm_test.cc:183:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gcm.gcm_key.Htable, Htable, sizeof(Htable));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/modes/gcm_test.cc:184:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gcm.Xi, X, sizeof(X));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/urandom.c:188:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/dev/urandom", O_RDONLY);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/self_check/self_check.c:395:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/self_check/self_check.c:408:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aes_iv, kAESIV, sizeof(kAESIV));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:852:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b_a, kOneBytes, sizeof(kOneBytes));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:859:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f_s, in->s.v, WORDS_PER_POLY * sizeof(crypto_word_t));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:861:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f_a, in->a.v, WORDS_PER_POLY * sizeof(crypto_word_t));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:866:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&g_a[5], kBottomSixtyOne, sizeof(kBottomSixtyOne));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:909:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->s.v, b_s, WORDS_PER_POLY * sizeof(crypto_word_t));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:910:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->a.v, b_a, WORDS_PER_POLY * sizeof(crypto_word_t));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:1147:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, result, sizeof(result));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/hrss/hrss.c:1235:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, result, sizeof(result));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/internal.h:730:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return memcpy(dst, src, n);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/mem.c:147:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, orig_ptr, to_copy);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj_test.cc:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_buf[1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj_test.cc:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_info.c:285:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PEM_BUFSIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:102:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char map[17] = "0123456789ABCDEF";
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:279:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PEM_BUFSIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:280:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[EVP_MAX_KEY_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[EVP_MAX_IV_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:375:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[EVP_MAX_KEY_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PEM_BUFSIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:601:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_pk8.c:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PEM_BUFSIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_pk8.c:163:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psbuf[PEM_BUFSIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_pkey.c:101:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char psbuf[PEM_BUFSIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:305:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm6, &ctx_.Xmm6, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm7, &ctx_.Xmm7, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:307:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm8, &ctx_.Xmm8, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm9, &ctx_.Xmm9, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:309:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm10, &ctx_.Xmm10, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:310:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm11, &ctx_.Xmm11, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:311:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm12, &ctx_.Xmm12, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:312:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm13, &ctx_.Xmm13, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:313:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm14, &ctx_.Xmm14, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:314:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&state.xmm15, &ctx_.Xmm15, sizeof(Reg128));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char starting_ip_buf_[64];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:460:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char starting_ip_buf_[64];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[512];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:608:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:612:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_buf[128];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:691:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = HandleEINTR([&] { return open(path, O_RDONLY); });
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:697:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test.cc:208:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[32];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test.cc:410:53: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
explicit FileLineReader(const char *path) : file_(fopen(path, "r")) {}
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test_gtest.cc:54:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, data_.data() + offset_, idx - offset_);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_strex.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmphex[HEX_SIZE(uint32_t) + 3];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_strex.c:241:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char utfbuf[6];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_strex.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hextmp[2];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_strex.c:457:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objtmp[80];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/asn1_gen.c:413:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char erch[2];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_x509.c:255:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char SHA1md[SHA_DIGEST_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_x509.c:324:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_x509.c:360:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const mon[12] = {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/t_x509a.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oidstr[80], first;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_cmp.c:90:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[16];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_cmp.c:228:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[SHA_DIGEST_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_cmp.c:251:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[16];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_obj.c:85:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789ABCDEF";
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_obj.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[80];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_txt.c:62:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_vpm.c:517:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipout[16];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_alt.c:123:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oline[256], htmp[5];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_extku.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_tmp[80];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_info.c:122:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objtmp[80], *ntmp;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pmaps.c:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_tmp1[80];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pmaps.c:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_tmp2[80];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_skey.c:112:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pkey_dig[EVP_MAX_MD_SIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:1061:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipout[16];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:1079:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipout[16];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:1103:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ipout[32];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:1176:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[16];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3name_test.cc:321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/bio/base64_bio.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/bio/base64_bio.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[B64_BLOCK_SIZE];
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ssl/ssl_decrepit.c:147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_ecdsa2_pkv_test.cc:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_ecdsa2_sigver_test.cc:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/fipstools/cavp_rsa2_sigver_test.cc:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/cipher.h:544:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[EVP_MAX_IV_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/ssl.h:2145:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
enum ssl_ticket_aead_result_t (*open)(SSL *ssl, uint8_t *out, size_t *out_len,
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/x509.h:263:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/x509.h:434:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1_hash[SHA_DIGEST_LENGTH];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handshake_client.cc:1282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identity[PSK_MAX_IDENTITY_LEN + 1];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/internal.h:998:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[8], alias[11];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_privkey.cc:431:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[kMaxSignatureAlgorithmNameLen];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_privkey.cc:648:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[kMaxSignatureAlgorithmNameLen];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:73:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[8];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:2843:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ERR_ERROR_STRING_BUF_LEN];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:2928:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:3555:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char retry_count[256];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:3870:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:4151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc:3563:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hs->ssl->session_ctx->ticket_aead_method->open(
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/bssl_shim.cc:165:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/fuzzer.h:546:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, CBS_data(&b->cbs), len);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/fuzzer.h:557:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, CBS_data(&packet), len);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:113:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:185:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:233:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[64];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/settings_writer.cc:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DECIMAL_SIZE(int)];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/settings_writer.cc:79:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ScopedFILE file(fopen(path_.c_str(), "w"), fclose);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:289:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*int_field = atoi(argv[*i]);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:305:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int_vector_field->push_back(atoi(argv[*i]));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:485:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[16];
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:506:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[16];
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:832:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char e[64];
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:982:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char aslide[256];
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:983:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char bslide[256];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/client.cc:301:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ScopedFILE f(fopen(filename, "rb"));
data/android-platform-external-boringssl-10.0.0+r36/src/tool/client.cc:357:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_keylog_file = fopen(keylog_file, "a");
data/android-platform-external-boringssl-10.0.0+r36/src/tool/digest.cc:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex_digest[EVP_MAX_MD_SIZE * 2];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/digest.cc:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[EVP_MAX_MD_SIZE * 2 + 2 /* spaces */ + PATH_MAX + 1 /* newline */ +
data/android-platform-external-boringssl-10.0.0+r36/src/tool/generate_ed25519.cc:39:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ScopedFILE file(fopen(path.c_str(), "wb"));
data/android-platform-external-boringssl-10.0.0+r36/src/tool/internal.h:40:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define BORINGSSL_OPEN open
data/android-platform-external-boringssl-10.0.0+r36/src/tool/pkcs12.cc:103:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char password[256];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/rand.cc:75:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hextable[16 + 1] = "0123456789abcdef";
data/android-platform-external-boringssl-10.0.0+r36/src/tool/server.cc:93:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ScopedFILE f(fopen(filename, "rb"));
data/android-platform-external-boringssl-10.0.0+r36/src/tool/server.cc:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request[4];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/server.cc:222:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_keylog_file = fopen(keylog_file, "a");
data/android-platform-external-boringssl-10.0.0+r36/src/tool/speed.cc:304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/speed.cc:871:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_timeout_seconds = atoi(args_map["-timeout"].c_str());
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:116:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:222:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
addr.sin6_port = htons(atoi(port.c_str()));
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:589:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(!stdin_->open);
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:610:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (stdin_->buffer.empty() && stdin_->open) {
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_[512];
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:950:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_gentm.c:194:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t.length = strlen(str);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_gentm.c:254:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmps->length = strlen(p);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_mbstr.c:100:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((const char *)in);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_time.c:168:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t.length = strlen(str);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_utctm.c:170:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t.length = strlen(str);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/a_utctm.c:232:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->length = strlen(p);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/asn1/asn1_lib.c:345:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(data);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc:113:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t in_len = strlen(in);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc:130:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t decoded_len = strlen(t.decoded);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc:183:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t expected_len = strlen(t.decoded);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc:194:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t decoded_len = strlen(t.decoded);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc:220:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::vector<uint8_t> out_vec(strlen(t.encoded));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc:228:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(t.encoded));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/base64/base64_test.cc:254:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t encoded_len = strlen(t.encoded);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio.c:195:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return BIO_write(bio, in, strlen(in));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio.c:668:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(BIO *, char *, int)) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio.c:669:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
method->bread = read;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/bio_mem.c:72:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t size = len < 0 ? strlen((char *)buf) : (size_t)len;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/connect.c:144:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host_len = strlen(name);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/fd.c:123:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define BORINGSSL_READ read
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/file.c:273:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = strlen(buf);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bio/socket.c:118:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(b->num, out, outl);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/buf/buf.c:153:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return BUF_strndup(str, strlen(str));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/buf/buf.c:207:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return l + strlen(src);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/bytestring_test.cc:957:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_TRUE(CBB_add_asn1_oid_from_text(cbb.get(), t.text, strlen(t.text)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/bytestring_test.cc:975:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EXPECT_FALSE(CBB_add_asn1_oid_from_text(cbb.get(), t, strlen(t)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/bytestring/cbs.c:584:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return CBB_add_bytes(out, (const uint8_t *)buf, strlen(buf));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/conf.c:218:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(from) + 1;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/conf.c:330:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t newsize = strlen(p) + buf->length - (e - from);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/conf.c:564:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ii = i = strlen(p);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/conf/conf.c:782:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpend = lstart + strlen(lstart) - 1;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm-linux.c:47:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, out, len);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm-linux.h:47:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t b_len = strlen(b);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/cpu-arm-linux_test.cc:227:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
STRING_PIECE sp = {t.cpuinfo, strlen(t.cpuinfo)};
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/crypto.c:133:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#pragma section(".CRT$XCU", read)
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_test.cc:168:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), test->input, strlen(test->input)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_test.cc:189:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::vector<char> unaligned(strlen(test->input) + 1);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_test.cc:194:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
OPENSSL_memcpy(ptr, test->input, strlen(test->input));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_test.cc:196:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_TRUE(EVP_DigestUpdate(ctx.get(), ptr, strlen(test->input)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/digest_extra/digest_test.cc:204:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(test->input), digest.get());
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:418:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) == len - 1) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:601:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (callback(buf2, strlen(buf2), ctx) <= 0) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err.c:684:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
substr_len = strlen(substr);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err_test.cc:111:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t suffix_len = strlen(suffix);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/err/err_test.cc:112:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str_len = strlen(str);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/pbkdf_test.cc:127:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t password_len = strlen(kPassword);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/scrypt_test.cc:68:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EXPECT_FALSE(EVP_PBE_scrypt(kPassword, strlen(kPassword),
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/evp/scrypt_test.cc:70:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kSalt), 1048576 /* N */, 8 /* r */,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/urandom.c:230:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(250000);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/fipsmodule/rand/urandom.c:300:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(*urandom_fd_bss_get(), out, len);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/lhash/lhash.c:347:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return OPENSSL_hash32(c, strlen(c));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/mem.c:211:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(s) + 1;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj.c:398:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!CBB_add_asn1_oid_from_text(&cbb, oid, strlen(oid)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/obj/obj_test.cc:83:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int expected_len = static_cast<int>(strlen(expected));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_info.c:198:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (key_type != EVP_PKEY_NONE && strlen(header) > 10) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_info.c:327:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:109:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(buf);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:335:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(objstr) + 23 + 2 * iv_len + 13 <= sizeof buf);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:534:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(name);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:541:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(header);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:632:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(&(buf[11]));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:726:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(nameB->data);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pem/pem_lib.c:771:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((char *)userdata);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs7/pkcs7_test.cc:622:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs7/pkcs7_test.cc:632:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8_x509.c:171:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass_len = strlen(pass);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8_x509.c:206:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pass_len = strlen(pass);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8_x509.c:666:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx.password_len = password != NULL ? strlen(password) : 0;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8_x509.c:967:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CBS_init(&name_cbs, (const uint8_t *)name, strlen(name));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/pkcs8/pkcs8_x509.c:1145:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t password_len = password != NULL ? strlen(password) : 0;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/rand_extra/rand_test.cc:97:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = read(pipefds[0], out.data(), out.size());
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:204:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(stderr_handle, buf, strlen(buf), &unused, nullptr);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:207:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(STDERR_FILENO, buf, strlen(buf));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:406:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(starting_ip_buf_);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/abi_test.cc:698:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret = HandleEINTR([&] { return read(fd, buf, sizeof(buf)); });
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test.cc:117:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf.get());
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/file_test.cc:430:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(out) == len - 1 && out[len - 2] != '\n' && !feof(file_)) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/test/test_util.h:45:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: span_(reinterpret_cast<const uint8_t *>(str), strlen(str)) {}
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_strex.c:374:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outlen += strlen(tagname);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/a_strex.c:555:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
objlen = strlen(objbuf);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/asn1_gen.c:637:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tagstr);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/by_dir.c:216:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ent->dir) == len &&
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/by_dir.c:315:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/by_dir.c:338:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = ent->dir[strlen(ent->dir) - 1];
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_cmp.c:97:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_obj.c:117:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen(s);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:666:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:674:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:683:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
BIO_new_mem_buf(const_cast<char *>(pem), strlen(pem)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:884:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:884:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{kHostname, strlen(kHostname), kWrongHostname, strlen(kWrongHostname),
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:886:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:886:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{kEmail, strlen(kEmail), kWrongEmail, strlen(kWrongEmail),
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:975:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
1, X509_check_host(leaf.get(), kHostname, strlen(kHostname), 0, nullptr));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:977:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kWrongHostname), 0, nullptr));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:979:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EXPECT_EQ(1, X509_check_email(leaf.get(), kEmail, strlen(kEmail), 0));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:981:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
X509_check_email(leaf.get(), kWrongEmail, strlen(kWrongEmail), 0));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:1185:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_test.cc:1376:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_TRUE(ASN1_STRING_set(tm.get(), t.val, strlen(t.val)));
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_time_test.cc:225:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t.length = strlen(test.data);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509_vfy.c:773:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (X509_check_host(x, name, strlen(name), id->hostflags,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509name.c:363:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((const char *)bytes);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509/x509spki.c:87:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_alt.c:519:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value))) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_conf.c:236:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_conf.c:250:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_conf.c:253:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_cpols.c:253:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cnf->value)))
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_cpols.c:326:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cnf->value)))
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_cpols.c:341:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(cnf->value)))
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_ia5.c:114:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(str))) {
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_info.c:136:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_info.c:136:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_ncons.c:478:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostlen = strlen(hostptr);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_pci.c:157:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val_len = strlen(val->value + 5);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_sxnet.c:197:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userlen = strlen(user);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_sxnet.c:218:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
userlen = strlen(user);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:178:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tmp) + 3;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:432:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
q = p + strlen(p) - 1;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:481:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1)))
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:537:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(cmp);
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:918:67: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:960:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
equal_fn equal;
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:999:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((rv = do_check_string(cstr, alt_type, equal, flags,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3_utl.c:1024:44: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if ((rv = do_check_string(str, -1, equal, flags,
data/android-platform-external-boringssl-10.0.0+r36/src/crypto/x509v3/v3name_test.cc:339:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(*pname);
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ripemd/ripemd_test.cc:66:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t input_len = strlen(test.input);
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ssl/ssl_decrepit.c:148:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(dirent->d_name) + 2 > sizeof(buf)) {
data/android-platform-external-boringssl-10.0.0+r36/src/decrepit/ssl/ssl_decrepit.c:148:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) + strlen(dirent->d_name) + 2 > sizeof(buf)) {
data/android-platform-external-boringssl-10.0.0+r36/src/include/openssl/bio.h:657:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read)(BIO *, char *, int));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/d1_srtp.cc:150:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen(p->name) && !strncmp(p->name, profile_name, len)) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/d1_srtp.cc:178:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col ? (size_t)(col - ptr) : strlen(ptr))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handoff.cc:243:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname_len = strlen(s3->hostname.get());
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/handshake_server.cc:914:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: strlen(hs->config->psk_identity_hint.get());
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_asn1.cc:250:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(in->psk_identity.get()))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_asn1.cc:760:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*out_len = strlen(kNotResumableSession);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_key_share.cc:373:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen(group.name) &&
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_key_share.cc:378:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen(group.alias) &&
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_lib.cc:351:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CBB_init(cbb.get(), strlen(label) + 1 + SSL3_RANDOM_SIZE * 2 + 1 +
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_lib.cc:353:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
!CBB_add_bytes(cbb.get(), (const uint8_t *)label, strlen(label)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_lib.cc:2065:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(name);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_lib.cc:2527:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_session.cc:473:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTicketPlaceholder));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:725:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!EVP_DecodedLength(&len, strlen(in))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:732:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(in))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:1166:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:1188:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:1207:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kCertPEM, strlen(kCertPEM)));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:1218:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:1224:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(pem, strlen(pem)));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/ssl_test.cc:1334:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bssl::UniquePtr<BIO> bio(BIO_new_mem_buf(kKeyPEM, strlen(kKeyPEM)));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc:379:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col ? (size_t)(col - ptr) : strlen(ptr))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/t1_lib.cc:615:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(ssl->hostname.get())) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/bssl_shim.cc:917:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SSL_write(ssl, kInitialWrite, strlen(kInitialWrite));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/bssl_shim.cc:924:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (WriteAll(ssl, kInitialWrite, strlen(kInitialWrite)) < 0) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/bssl_shim.cc:978:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (WriteAll(ssl, kInitialWrite, strlen(kInitialWrite)) < 0) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:149:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, out, len);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:238:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < 1) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:242:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t written = write_eintr(rfd, readbuf, read);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:247:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (written != read) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshake_util.cc:248:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fprintf(stderr, "short write (%zu of %d bytes)\n", written, read);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshaker.cc:76:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(control, &msg, 1) != 1 ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/handshaker.cc:117:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(fd, out, len);
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:263:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!EVP_DecodedLength(&len, strlen(argv[*i]))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:270:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(argv[*i]))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:329:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(flag, kInit, strlen(kInit)) == 0) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:330:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ParseFlag(flag + strlen(kInit), argc, argv, &i, skip, out_initial)) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:333:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(flag, kResume, strlen(kResume)) == 0) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:334:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ParseFlag(flag + strlen(kResume), argc, argv, &i, skip,
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:338:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(flag, kRetry, strlen(kRetry)) == 0) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/test/test_config.cc:339:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!ParseFlag(flag + strlen(kRetry), argc, argv, &i, skip, out_retry)) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:79:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!CBB_init(cbb.get(), 2 + 1 + strlen(kTLS13ProtocolLabel) + label_len + 1 +
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:84:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13ProtocolLabel)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:109:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelDerived), derive_context,
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:230:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelClientEarlyTraffic)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:235:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelEarlyExporter))) {
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:265:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelClientHandshakeTraffic)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:270:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelServerHandshakeTraffic)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:302:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelClientApplicationTraffic)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:307:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelServerApplicationTraffic)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:311:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kTLS13LabelExporter, strlen(kTLS13LabelExporter)) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:354:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelApplicationTraffic), NULL, 0,
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:373:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kTLS13LabelResumption, strlen(kTLS13LabelResumption));
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:387:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelFinished), NULL, 0, hash_len) ||
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:421:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelResumptionPSK), nonce.data(),
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:454:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kTLS13LabelExportKeying), hash, hash_len,
data/android-platform-external-boringssl-10.0.0+r36/src/ssl/tls13_enc.cc:480:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kTLS13LabelPSKBinder, strlen(kTLS13LabelPSKBinder),
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:716:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static uint8_t equal(signed char b, signed char c) {
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:772:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(&e, &multiples[j-1], equal(index, j));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:806:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:807:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:808:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:809:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:810:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:811:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:812:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:813:35: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/curve25519.c:934:38: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_cached(&selected, &Ai[j], equal(j, index));
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/p256.c:720:24: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
fe_cmovznz(out[0], mismatch, pre_comp[i][0], out[0]);
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/p256.c:721:24: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
fe_cmovznz(out[1], mismatch, pre_comp[i][1], out[1]);
data/android-platform-external-boringssl-10.0.0+r36/src/third_party/fiat/p256.c:722:24: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
fe_cmovznz(out[2], mismatch, pre_comp[i][2], out[2]);
data/android-platform-external-boringssl-10.0.0+r36/src/tool/client.cc:161:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outlen = strlen(reinterpret_cast<const char *>(arg));
data/android-platform-external-boringssl-10.0.0+r36/src/tool/digest.cc:267:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(line);
data/android-platform-external-boringssl-10.0.0+r36/src/tool/internal.h:43:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define BORINGSSL_READ read
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:424:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(STDIN_FILENO, out, max_out);
data/android-platform-external-boringssl-10.0.0+r36/src/tool/transport_common.cc:953:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!SendAll(sock, buf, strlen(buf))) {
ANALYSIS SUMMARY:
Hits = 455
Lines analyzed = 256202 in approximately 36.02 seconds (7113 lines/second)
Physical Source Lines of Code (SLOC) = 178883
Hits@level = [0] 581 [1] 206 [2] 190 [3] 28 [4] 28 [5] 3
Hits@level+ = [0+] 1036 [1+] 455 [2+] 249 [3+] 59 [4+] 31 [5+] 3
Hits/KSLOC@level+ = [0+] 5.79149 [1+] 2.54356 [2+] 1.39197 [3+] 0.329825 [4+] 0.173298 [5+] 0.0167707
Symlinks skipped = 1 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.