Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/aprx-2.9.0+dfsg/agwpesocket.c
Examining data/aprx-2.9.0+dfsg/aprsis.c
Examining data/aprx-2.9.0+dfsg/aprx-stat.c
Examining data/aprx-2.9.0+dfsg/aprx.c
Examining data/aprx-2.9.0+dfsg/aprx.h
Examining data/aprx-2.9.0+dfsg/aprxpolls.c
Examining data/aprx-2.9.0+dfsg/ax25.c
Examining data/aprx-2.9.0+dfsg/beacon.c
Examining data/aprx-2.9.0+dfsg/cellmalloc.c
Examining data/aprx-2.9.0+dfsg/cellmalloc.h
Examining data/aprx-2.9.0+dfsg/config.c
Examining data/aprx-2.9.0+dfsg/crc.c
Examining data/aprx-2.9.0+dfsg/digipeater.c
Examining data/aprx-2.9.0+dfsg/dprsgw.c
Examining data/aprx-2.9.0+dfsg/dupecheck.c
Examining data/aprx-2.9.0+dfsg/erlang.c
Examining data/aprx-2.9.0+dfsg/filter.c
Examining data/aprx-2.9.0+dfsg/historydb.c
Examining data/aprx-2.9.0+dfsg/historydb.h
Examining data/aprx-2.9.0+dfsg/hlog.c
Examining data/aprx-2.9.0+dfsg/hlog.h
Examining data/aprx-2.9.0+dfsg/igate.c
Examining data/aprx-2.9.0+dfsg/interface.c
Examining data/aprx-2.9.0+dfsg/keyhash.c
Examining data/aprx-2.9.0+dfsg/keyhash.h
Examining data/aprx-2.9.0+dfsg/kiss.c
Examining data/aprx-2.9.0+dfsg/netax25.c
Examining data/aprx-2.9.0+dfsg/netresolver.c
Examining data/aprx-2.9.0+dfsg/parse_aprs.c
Examining data/aprx-2.9.0+dfsg/pbuf.c
Examining data/aprx-2.9.0+dfsg/pbuf.h
Examining data/aprx-2.9.0+dfsg/ssl.c
Examining data/aprx-2.9.0+dfsg/ssl.h
Examining data/aprx-2.9.0+dfsg/telemetry.c
Examining data/aprx-2.9.0+dfsg/test.c
Examining data/aprx-2.9.0+dfsg/timercmp.c
Examining data/aprx-2.9.0+dfsg/timestamp.c
Examining data/aprx-2.9.0+dfsg/ttyreader.c
Examining data/aprx-2.9.0+dfsg/valgrind.c

FINAL RESULTS:

data/aprx-2.9.0+dfsg/aprsis.c:170:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  addrlen = sprintf(addrbuf, "%s,qA%c,%s:", addr, qtype,
data/aprx-2.9.0+dfsg/aprsis.c:380:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s += sprintf(s, "user %s pass %s vers %s %s", A->H->login,
data/aprx-2.9.0+dfsg/aprsis.c:383:8: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s += sprintf(s, " filter %s", A->H->filterparam);
data/aprx-2.9.0+dfsg/aprx.c:595:4: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, ap);
data/aprx-2.9.0+dfsg/aprx.c:622:13: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(fp, fmt, ap);
data/aprx-2.9.0+dfsg/aprx.h:57:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define strcpy aprx_strcpy
data/aprx-2.9.0+dfsg/aprx.h:68:16: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  extern char *strcpy(char *dest, const char *src);
data/aprx-2.9.0+dfsg/beacon.c:500:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%c%s%c%s", type, lat, code[0], lon,
data/aprx-2.9.0+dfsg/beacon.c:504:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s111111z%s%c%s%c%s", type, lat, code[0], lon,
data/aprx-2.9.0+dfsg/beacon.c:507:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, ";%-9.9s*111111z%s%c%s%c%s", name, lat, code[0], lon,
data/aprx-2.9.0+dfsg/beacon.c:511:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, ")%-3.9s!%s%c%s%c%s", name, lat, code[0], lon,
data/aprx-2.9.0+dfsg/beacon.c:867:3: [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(filename, "aprx", NULL);
data/aprx-2.9.0+dfsg/beacon.c:997:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(destbuf,"%s>%s,%s,TCPIP*", src, bm->dest, bm->via);
data/aprx-2.9.0+dfsg/beacon.c:999:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(destbuf,"%s>%s,TCPIP*", src, bm->dest);
data/aprx-2.9.0+dfsg/beacon.c:1021:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  dp += sprintf( dp, "%s*,%s", callsign, bm->via );
data/aprx-2.9.0+dfsg/beacon.c:1023:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  dp += sprintf( dp, "%s*", callsign );
data/aprx-2.9.0+dfsg/beacon.c:1026:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  dp += sprintf( dp, "%s", bm->via );
data/aprx-2.9.0+dfsg/beacon.c:1099:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(destbuf,"%s>%s,%s,TCPIP*", src, bm->dest, bm->via);
data/aprx-2.9.0+dfsg/beacon.c:1101:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(destbuf,"%s>%s,TCPIP*", src, bm->dest);
data/aprx-2.9.0+dfsg/beacon.c:1123:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  dp += sprintf( dp, "%s*,%s", callsign, bm->via );
data/aprx-2.9.0+dfsg/beacon.c:1125:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  dp += sprintf( dp, "%s*", callsign );
data/aprx-2.9.0+dfsg/beacon.c:1128:15: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  dp += sprintf( dp, "%s", bm->via );
data/aprx-2.9.0+dfsg/cellmalloc.c:88:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "/tmp/.-%d-%s-%d.mmap", getpid(), ca->arenaname, ca->cellblocks_count );
data/aprx-2.9.0+dfsg/config.c:374:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/config.c:388:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/config.c:398:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/config.c:403:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/config.c:410:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/config.c:416:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/config.c:422:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/config.c:427:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(errmsg, cf->name, cf->linenum);
data/aprx-2.9.0+dfsg/dprsgw.c:349:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(aprssymbol, gps2aprsSyms[mid].aprs);
data/aprx-2.9.0+dfsg/dprsgw.c:591:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  p += sprintf(p, "%s", s);
data/aprx-2.9.0+dfsg/dprsgw.c:603:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  p += sprintf(p, "%s", s);
data/aprx-2.9.0+dfsg/dprsgw.c:622:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  p += sprintf(p, "%s", s);
data/aprx-2.9.0+dfsg/dprsgw.c:630:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  p += sprintf(p, "%s", gga[5]); // <E|W>
data/aprx-2.9.0+dfsg/dprsgw.c:632:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  p += sprintf(p, "%s", rmc[6]); // <E|W>
data/aprx-2.9.0+dfsg/erlang.c:171:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(EF->head.title, erlangtitle);
data/aprx-2.9.0+dfsg/erlang.c:536:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf,
data/aprx-2.9.0+dfsg/erlang.c:582:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf,
data/aprx-2.9.0+dfsg/erlang.c:623:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf,
data/aprx-2.9.0+dfsg/filter.c:889:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, " %s", filt0);
data/aprx-2.9.0+dfsg/filter.c:893:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, "%s %s", p, filt0); /* .. and catenate. */
data/aprx-2.9.0+dfsg/filter.c:1448:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(f->textbuf, filt0);
data/aprx-2.9.0+dfsg/filter.c:1456:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(f->textbuf, filt); /* and copy of filter text */
data/aprx-2.9.0+dfsg/hlog.c:139:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, LOG_LEN, fmt, args);
data/aprx-2.9.0+dfsg/hlog.c:145:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ret + len, buf);
data/aprx-2.9.0+dfsg/hlog.c:190:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(log_fname, "%s/%s", log_dir, log_basename);
data/aprx-2.9.0+dfsg/hlog.c:276:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp, "%s.tmp", log_fname);
data/aprx-2.9.0+dfsg/hlog.c:299:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(r1, "%s.%d", log_fname, i-1);
data/aprx-2.9.0+dfsg/hlog.c:300:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(r2, "%s.%d", log_fname, i);
data/aprx-2.9.0+dfsg/hlog.c:383:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(s, LOG_LEN, fmt, args);
data/aprx-2.9.0+dfsg/hlog.c:410:6: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  l = vsnprintf(s, LOG_LEN, fmt, args);
data/aprx-2.9.0+dfsg/hlog.c:435:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(accesslog_fname, "%s/%s", accesslog_dir, accesslog_basename);
data/aprx-2.9.0+dfsg/hlog.c:485:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(s, LOG_LEN, fmt, args);
data/aprx-2.9.0+dfsg/interface.c:619:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *) (aif->tty->ttyname), "tcp!%s!%s!", host, port);
data/aprx-2.9.0+dfsg/interface.c:721:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *) (aif->tty->ttyname), "tcp!%s!%s[%s]",
data/aprx-2.9.0+dfsg/interface.c:1315:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  t += sprintf(t, "%s>%s:", fromcall, origtocall);
data/aprx-2.9.0+dfsg/interface.c:1434:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  a += sprintf((char*)a, "}%s>%s,%s,%s*:",
data/aprx-2.9.0+dfsg/interface.c:1470:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  t += sprintf(t, "%s>%s", fromcall, origtocall);
data/aprx-2.9.0+dfsg/interface.c:1474:11: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  t += sprintf(t, ",%s", heads[i]);
data/aprx-2.9.0+dfsg/interface.c:1493:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  t += sprintf(t, "}%s>%s,%s,%s*:",
data/aprx-2.9.0+dfsg/interface.c:1730:25: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  int destlen = sprintf(destbuf, "%s>APRS,TCPIP*", dstname);
data/aprx-2.9.0+dfsg/interface.c:1846:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  a += sprintf(axaddrbuf, "%s>%s", src, dest);
data/aprx-2.9.0+dfsg/parse_aprs.c:34:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define DEBUG_LOG(...) if(debug)printf(__VA_ARGS__)
data/aprx-2.9.0+dfsg/telemetry.c:145:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  beaconaddrlen = sprintf(beaconaddr, "%s>%s,TCPIP*", E->name, tocall);
data/aprx-2.9.0+dfsg/telemetry.c:356:19: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  beaconaddrlen = sprintf(beaconaddr, "%s>%s,TCPIP*", E->name, tocall);
data/aprx-2.9.0+dfsg/telemetry.c:363:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s = buf+2 + sprintf(buf+2,
data/aprx-2.9.0+dfsg/telemetry.c:368:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s = buf+2 + sprintf(buf+2,
data/aprx-2.9.0+dfsg/telemetry.c:374:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  s = buf+2 + sprintf(buf+2,
data/aprx-2.9.0+dfsg/ttyreader.c:133:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(S->rdline2, S->rdline);
data/aprx-2.9.0+dfsg/ttyreader.c:1071:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *) (tty->ttyname), "tcp!%s!%s!", host, port);
data/aprx-2.9.0+dfsg/valgrind.c:63:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  char *strcpy(char *dest, const char *src) {
data/aprx-2.9.0+dfsg/aprx-stat.c:208:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "f:StxX?h")) != -1) {
data/aprx-2.9.0+dfsg/aprx.c:177:14: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((i = getopt(argc, argv, "def:hiLl:vV?")) != -1) {
data/aprx-2.9.0+dfsg/beacon.c:736:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((long)t);
data/aprx-2.9.0+dfsg/digipeater.c:1541:42: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int jittery = src->viscous_delay > 0 ? random() % 3 + src->viscous_delay : 0;
data/aprx-2.9.0+dfsg/agwpesocket.c:277:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int agwpeportnum = atoi(agwpeport);
data/aprx-2.9.0+dfsg/agwpesocket.c:367:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(com->wrbuf, com->wrbuf + com->wrcursor, len);
data/aprx-2.9.0+dfsg/agwpesocket.c:405:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(com->wrbuf + com->wrlen, &hdr, sizeof(hdr));
data/aprx-2.9.0+dfsg/agwpesocket.c:407:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(com->wrbuf + com->wrlen, axaddr, axaddrlen);
data/aprx-2.9.0+dfsg/agwpesocket.c:409:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(com->wrbuf + com->wrlen, axdata, axdatalen);
data/aprx-2.9.0+dfsg/agwpesocket.c:448:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(com->wrbuf + com->wrlen, &hdr, sizeof(hdr));
data/aprx-2.9.0+dfsg/agwpesocket.c:528:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(com->rdbuf, com->rdbuf + com->rdcursor,
data/aprx-2.9.0+dfsg/agwpesocket.c:547:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hdr.fromCall, com->rdbuf + 8, 10);
data/aprx-2.9.0+dfsg/agwpesocket.c:548:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hdr.toCall, com->rdbuf + 18, 10);
data/aprx-2.9.0+dfsg/agwpesocket.c:571:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(com->rdbuf, com->rdbuf + com->rdcursor,
data/aprx-2.9.0+dfsg/aprsis.c:74:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wrbuf[16000];
data/aprx-2.9.0+dfsg/aprsis.c:75:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rdbuf[3000];
data/aprx-2.9.0+dfsg/aprsis.c:76:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rdline[500];
data/aprx-2.9.0+dfsg/aprsis.c:146:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrbuf[1000];
data/aprx-2.9.0+dfsg/aprsis.c:183:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(A->wrbuf, A->wrbuf + A->wrbuf_cur,
data/aprx-2.9.0+dfsg/aprsis.c:200:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(A->wrbuf + A->wrbuf_len, addrbuf, addrlen);
data/aprx-2.9.0+dfsg/aprsis.c:220:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(A->wrbuf + A->wrbuf_len, text, textlen);
data/aprx-2.9.0+dfsg/aprsis.c:261:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char aprsislogincmd[3000];
data/aprx-2.9.0+dfsg/aprsis.c:328:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char addrstr[INET6_ADDRSTRLEN];
data/aprx-2.9.0+dfsg/aprsis.c:447:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(A->rdbuf, A->rdbuf + A->rdbuf_cur,
data/aprx-2.9.0+dfsg/aprsis.c:490:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10000];
data/aprx-2.9.0+dfsg/aprsis.c:576:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, &head, sizeof(head));
data/aprx-2.9.0+dfsg/aprsis.c:579:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, addr, addrlen);
data/aprx-2.9.0+dfsg/aprsis.c:582:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, gwcall, gwlen);
data/aprx-2.9.0+dfsg/aprsis.c:585:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, text, textlen);
data/aprx-2.9.0+dfsg/aprsis.c:1044:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10000];
data/aprx-2.9.0+dfsg/aprsis.c:1168:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int port = atoi(param1);
data/aprx-2.9.0+dfsg/aprsis.c:1216:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(AIH->filterparam[l1+1]), param1, l2+1);
data/aprx-2.9.0+dfsg/aprsis.c:1218:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(AIH->filterparam[0]), param1, l2+1);
data/aprx-2.9.0+dfsg/aprx-stat.c:28:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%04d-%02d-%02d %02d:%02d:%02d",
data/aprx-2.9.0+dfsg/aprx-stat.c:76:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logtime[40];
data/aprx-2.9.0+dfsg/aprx-stat.c:98:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logtime, "%ld",
data/aprx-2.9.0+dfsg/aprx-stat.c:132:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logtime, "%ld",
data/aprx-2.9.0+dfsg/aprx-stat.c:166:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(logtime, "%ld",
data/aprx-2.9.0+dfsg/aprx.c:59:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/aprx-2.9.0+dfsg/aprx.c:60:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "SIGNAL %d - DYING!\n", sig);
data/aprx-2.9.0+dfsg/aprx.c:266:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *pf = fopen(pidfile, "r");
data/aprx-2.9.0+dfsg/aprx.c:304:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *pf = fopen(pidfile, "w");
data/aprx-2.9.0+dfsg/aprx.c:339:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  i = open("/dev/null", O_RDONLY, 0);
data/aprx-2.9.0+dfsg/aprx.c:487:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%04d-%02d-%02d %02d:%02d:%02d.%03d",
data/aprx-2.9.0+dfsg/aprx.c:582:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuf[60];
data/aprx-2.9.0+dfsg/aprx.c:618:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(aprxlogfile, "a");
data/aprx-2.9.0+dfsg/aprx.c:656:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(rflogfile, "a");
data/aprx-2.9.0+dfsg/aprx.c:660:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timebuf[60];
data/aprx-2.9.0+dfsg/aprx.h:53:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memcpy aprx_memcpy
data/aprx-2.9.0+dfsg/aprx.h:63:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  extern void *memcpy(void *dest, const void *src, size_t n);
data/aprx-2.9.0+dfsg/aprx.h:136:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8010];
data/aprx-2.9.0+dfsg/aprx.h:257:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *ttycallsign[16]; /* callsign */
data/aprx-2.9.0+dfsg/aprx.h:260:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *initstring[16]; /* optional init-string to be sent to
data/aprx-2.9.0+dfsg/aprx.h:437:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[31];
data/aprx-2.9.0+dfsg/aprx.h:491:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[32];
data/aprx-2.9.0+dfsg/aprx.h:499:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mycall[16];
data/aprx-2.9.0+dfsg/aprx.h:535:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addresses[20]; data/aprx-2.9.0+dfsg/aprx.h:537:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packetbuf[200]; /* 99.9+ % of time this is enough.. */ data/aprx-2.9.0+dfsg/ax25.c:62:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. dest += sprintf(dest, "-%d", ssid); data/aprx-2.9.0+dfsg/ax25.c:271:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tnc2buf[2800]; data/aprx-2.9.0+dfsg/beacon.c:421:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bm->timeout = atoi(p1); data/aprx-2.9.0+dfsg/beacon.c:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hms[8]; data/aprx-2.9.0+dfsg/beacon.c:700:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(hms, "%02d%02d%02dh", hour, min, sec); data/aprx-2.9.0+dfsg/beacon.c:707:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( txt+11, hms, 7 ); // Overwrite with new time data/aprx-2.9.0+dfsg/beacon.c:709:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( txt+1, hms, 7 ); // Overwrite with new time data/aprx-2.9.0+dfsg/beacon.c:716:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename,"r"); data/aprx-2.9.0+dfsg/beacon.c:855:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dev_null = open("/dev/null", O_WRONLY); data/aprx-2.9.0+dfsg/beacon.c:1230:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/aprx-2.9.0+dfsg/beacon.c:1231:27: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "matched child exit, pid=%d\n", pid); data/aprx-2.9.0+dfsg/cellmalloc.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cellblocks[CELLBLOCKS_MAX]; /* ref as 'char pointer' for pointer arithmetics... */ data/aprx-2.9.0+dfsg/cellmalloc.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[2048]; data/aprx-2.9.0+dfsg/cellmalloc.c:90:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, O_RDWR|O_CREAT, 644); data/aprx-2.9.0+dfsg/config.c:145:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hx[3]; data/aprx-2.9.0+dfsg/config.c:482:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int i = atoi(param1); data/aprx-2.9.0+dfsg/config.c:800:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((cf.fp = fopen(name, "r")) == NULL) { data/aprx-2.9.0+dfsg/digipeater.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[2000]; data/aprx-2.9.0+dfsg/digipeater.c:383:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char viafield[15]; // temp buffer for many uses data/aprx-2.9.0+dfsg/digipeater.c:404:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(viafield, pb->data, len); data/aprx-2.9.0+dfsg/digipeater.c:415:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(viafield, pb->srccall_end+1, len); data/aprx-2.9.0+dfsg/digipeater.c:456:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(viafield, p, len); data/aprx-2.9.0+dfsg/digipeater.c:622:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxreq = atoi(param1); data/aprx-2.9.0+dfsg/digipeater.c:626:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxdone = atoi(param1); data/aprx-2.9.0+dfsg/digipeater.c:738:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). viscous_delay = atoi(param1); data/aprx-2.9.0+dfsg/digipeater.c:910:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(source->ax25viapath, ax25viapath, sizeof(ax25viapath)); data/aprx-2.9.0+dfsg/digipeater.c:911:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(source->msgviapath, msgviapath, sizeof(msgviapath)); data/aprx-2.9.0+dfsg/digipeater.c:914:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(source->msgviapath, ax25viapath, sizeof(ax25viapath)); data/aprx-2.9.0+dfsg/digipeater.c:1214:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char viafield[14]; // room for text format data/aprx-2.9.0+dfsg/digipeater.c:1289:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(state.ax25addr, pb->ax25addr, pb->ax25addrlen); data/aprx-2.9.0+dfsg/digipeater.c:1311:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(axaddr, digi->transmitter->ax25call, AX25ADDRLEN); data/aprx-2.9.0+dfsg/digipeater.c:1363:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(axaddr, digi->transmitter->ax25call, AX25ADDRLEN); data/aprx-2.9.0+dfsg/digipeater.c:1383:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(axaddr, digi->transmitter->ax25call, AX25ADDRLEN); data/aprx-2.9.0+dfsg/digipeater.c:1391:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(axaddr, digi->transmitter->ax25call, AX25ADDRLEN); data/aprx-2.9.0+dfsg/digipeater.c:1413:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(axaddr, digi->transmitter->ax25call, AX25ADDRLEN); data/aprx-2.9.0+dfsg/digipeater.c:1428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[2800]; data/aprx-2.9.0+dfsg/digipeater.c:1473:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tbuf+t2l, pb->ax25data+2, pb->ax25datalen-2); // Ctrl+PID skiped data/aprx-2.9.0+dfsg/digipeater.c:1806:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&src->viscous_queue[0], data/aprx-2.9.0+dfsg/dprsgw.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char callsign[10]; data/aprx-2.9.0+dfsg/dprsgw.c:58:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(dprslogfile,"a"); data/aprx-2.9.0+dfsg/dprsgw.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char callsign[10]; data/aprx-2.9.0+dfsg/dprsgw.c:125:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp->history[n].callsign, callsign, sizeof(callsign)); data/aprx-2.9.0+dfsg/dprsgw.c:132:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
const char gps[3]; data/aprx-2.9.0+dfsg/dprsgw.c:133:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char aprs[3]; data/aprx-2.9.0+dfsg/dprsgw.c:336:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gps[3]; data/aprx-2.9.0+dfsg/dprsgw.c:506:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *gga[20]; data/aprx-2.9.0+dfsg/dprsgw.c:507:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rmc[20]; data/aprx-2.9.0+dfsg/dprsgw.c:508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tnc2buf[2000]; data/aprx-2.9.0+dfsg/dprsgw.c:515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char aprssym[3]; data/aprx-2.9.0+dfsg/dprsgw.c:521:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(aprssym, "/>"); // Default.. data/aprx-2.9.0+dfsg/dprsgw.c:566:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, ">APDPRS,DSTAR*"); data/aprx-2.9.0+dfsg/dprsgw.c:673:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, "/A=%06d", alt_feet); data/aprx-2.9.0+dfsg/dprsgw.c:691:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *heads[2]; data/aprx-2.9.0+dfsg/dprsgw.c:734:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *heads[2]; data/aprx-2.9.0+dfsg/dprsgw.c:783:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp->ggaline, tnc2addr, tnc2bodylen); data/aprx-2.9.0+dfsg/dprsgw.c:794:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dp->rmcline, tnc2addr, tnc2bodylen); data/aprx-2.9.0+dfsg/dprsgw.c:843:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S->rdline, p, S->rdlinelen); data/aprx-2.9.0+dfsg/dprsgw.c:935:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S->rdline, p, len); data/aprx-2.9.0+dfsg/dprsgw.c:1039:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((void*)S.rdline, "x$x4$GPPP$$$GP $$CRCB727,OH3BK-D>$$CRCB727,OH3BK-D>APRATS,DSTAR*:@165340h6128.23N/02353.52E-D-RATS (GPS-A) /A=000377"); data/aprx-2.9.0+dfsg/dprsgw.c:1044:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((void*)S.rdline, "\304\3559\202\333$$CRCC3F5,OH3KGR-M>API282,DSTAR*:/123035h6131.29N/02340.45E>/IC-E2820"); data/aprx-2.9.0+dfsg/dprsgw.c:1049:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((void*)S.rdline, "[SOB]\"=@=@=@=>7\310=@\010!~~~~~~~!~~~~~~~\001\001\001\001\001\001\001\001[EOB]$$CRCBFB7,OH3BK>APRATS,DSTAR*:@124202h6128.23N/02353.52E-D-RATS (GPS-A) /A=000377"); data/aprx-2.9.0+dfsg/dprsgw.c:1054:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy((void*)S.rdline, "$GPGGA,164829.02,6131.6572,N,02339.1567,E,1,08,1.1,111.3,M,19.0,M,,*61"); data/aprx-2.9.0+dfsg/dprsgw.c:1059:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((void*)S.rdline, "$GPRMC,170130.02,A,6131.6583,N,02339.1552,E,0.00,154.8,290510,6.5,E,A*02"); data/aprx-2.9.0+dfsg/dprsgw.c:1065:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((void*)S.rdline, "OH3BK D,BN *59 "); data/aprx-2.9.0+dfsg/dprsgw.c:1072:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("tt.log", "r"); data/aprx-2.9.0+dfsg/dprsgw.c:1074:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[3000]; data/aprx-2.9.0+dfsg/dprsgw.c:1082:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S.rdbuf+S.rdlen, ep, len); data/aprx-2.9.0+dfsg/dupecheck.c:267:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dp->addresses, addr, addrlen); data/aprx-2.9.0+dfsg/dupecheck.c:268:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp->packet, data, datalen); data/aprx-2.9.0+dfsg/dupecheck.c:425:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp->addresses, addr, addrlen); data/aprx-2.9.0+dfsg/dupecheck.c:426:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp->packet, data, datalen); data/aprx-2.9.0+dfsg/erlang.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/aprx-2.9.0+dfsg/erlang.c:286:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). erlang_file_fd = open(erlang_backingstore, do_create ? O_RDWR : O_RDONLY, 0644); /* Presume: it exists! */ data/aprx-2.9.0+dfsg/erlang.c:289:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(erlang_backingstore, data/aprx-2.9.0+dfsg/erlang.c:517:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[500]; data/aprx-2.9.0+dfsg/erlang.c:518:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logtime[40]; data/aprx-2.9.0+dfsg/erlang.c:523:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(erlanglogfile, "a"); data/aprx-2.9.0+dfsg/filter.c:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char callsign[CALLSIGNLEN_MAX+1]; /* size: 10.. */ data/aprx-2.9.0+dfsg/filter.c:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textbuf[FILT_TEXTBUFSIZE]; data/aprx-2.9.0+dfsg/filter.c:314:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uckey[CALLSIGNLEN_MAX+1]; data/aprx-2.9.0+dfsg/filter.c:369:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(f->callsign, uckey, keylen); data/aprx-2.9.0+dfsg/filter.c:519:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uckey[CALLSIGNLEN_MAX+1]; data/aprx-2.9.0+dfsg/filter.c:571:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(f->callsign, key, keylen); data/aprx-2.9.0+dfsg/filter.c:794:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixbuf[CALLSIGNLEN_MAX+1]; data/aprx-2.9.0+dfsg/filter.c:1601:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ref.callsign, pb->data, i); data/aprx-2.9.0+dfsg/filter.c:1641:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ref.callsign, d, i); data/aprx-2.9.0+dfsg/filter.c:1677:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ref.callsign, e, i); data/aprx-2.9.0+dfsg/filter.c:1780:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ref.callsign, pb->dstname, i); data/aprx-2.9.0+dfsg/filter.c:1866:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy( ref.callsign, pb->srcname, i); // copy the interesting part data/aprx-2.9.0+dfsg/filter.c:1890:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ref.callsign, pb->data, i); data/aprx-2.9.0+dfsg/filter.c:2225:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( ref.callsign, d, i); data/aprx-2.9.0+dfsg/historydb.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keybuf[CALLSIGNLEN_MAX+2]; data/aprx-2.9.0+dfsg/historydb.c:192:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( keybuf, pb->info_start+1, CALLSIGNLEN_MAX+1); data/aprx-2.9.0+dfsg/historydb.c:211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( keybuf, pb->info_start+1, CALLSIGNLEN_MAX+1); data/aprx-2.9.0+dfsg/historydb.c:225:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( keybuf, pb->data, CALLSIGNLEN_MAX) ; data/aprx-2.9.0+dfsg/historydb.c:231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy( keybuf, pb->data, CALLSIGNLEN_MAX) ; data/aprx-2.9.0+dfsg/historydb.c:238:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( keybuf, pb->data, CALLSIGNLEN_MAX) ; data/aprx-2.9.0+dfsg/historydb.c:310:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( cp->packet, pb->data, cp->packetlen ); data/aprx-2.9.0+dfsg/historydb.c:321:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp->key, keybuf, keylen); data/aprx-2.9.0+dfsg/historydb.c:369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keybuf[CALLSIGNLEN_MAX+2]; data/aprx-2.9.0+dfsg/historydb.c:400:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keybuf, pb->srcname, pb->srcname_len); data/aprx-2.9.0+dfsg/historydb.c:408:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keybuf, pb->srcname, pb->srcname_len); data/aprx-2.9.0+dfsg/historydb.c:481:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( cp->packet, pb->data, cp->packetlen ); data/aprx-2.9.0+dfsg/historydb.c:494:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(cp->key, keybuf, keylen); data/aprx-2.9.0+dfsg/historydb.h:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[CALLSIGNLEN_MAX+2]; data/aprx-2.9.0+dfsg/historydb.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char packetbuf[170]; /* Maybe a dozen packets are bigger than data/aprx-2.9.0+dfsg/hlog.c:134:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LOG_LEN]; data/aprx-2.9.0+dfsg/hlog.c:192:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log_file = open(log_fname, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP); data/aprx-2.9.0+dfsg/hlog.c:286:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log_file = open(log_fname, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP); data/aprx-2.9.0+dfsg/hlog.c:321:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char wb[LOG_LEN];
data/aprx-2.9.0+dfsg/hlog.c:372:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[LOG_LEN];
data/aprx-2.9.0+dfsg/hlog.c:398:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[LOG_LEN];
data/aprx-2.9.0+dfsg/hlog.c:437:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    accesslog_file = open(accesslog_fname, O_WRONLY|O_CREAT|O_APPEND, S_IRUSR|S_IWUSR|S_IRGRP);
data/aprx-2.9.0+dfsg/hlog.c:478:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[LOG_LEN], wb[LOG_LEN];
data/aprx-2.9.0+dfsg/hlog.c:522:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char s[32];
data/aprx-2.9.0+dfsg/hlog.c:525:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = open(name, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
data/aprx-2.9.0+dfsg/igate.c:458:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static void pick_heads(char *ax25, int headlen,
data/aprx-2.9.0+dfsg/igate.c:459:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *heads[20], int *headscount)
data/aprx-2.9.0+dfsg/igate.c:500:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *heads[20];
data/aprx-2.9.0+dfsg/igate.c:532:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(headsbuf, ax25, colonidx+1);
data/aprx-2.9.0+dfsg/interface.c:310:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(initstring, param1, parlen);
data/aprx-2.9.0+dfsg/interface.c:354:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ifgroup = atol(param1);
data/aprx-2.9.0+dfsg/interface.c:404:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(aif, aifp, sizeof(*aif));
data/aprx-2.9.0+dfsg/interface.c:845:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(initstring, param1, parlen);
data/aprx-2.9.0+dfsg/interface.c:866:15: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ifgroup = atol(param1);
data/aprx-2.9.0+dfsg/interface.c:1155:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(axbuf, axaddr, axaddrlen);
data/aprx-2.9.0+dfsg/interface.c:1156:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(axbuf + axaddrlen, axdata, axdatalen);
data/aprx-2.9.0+dfsg/interface.c:1258:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tnc2buf1[2800];
data/aprx-2.9.0+dfsg/interface.c:1310:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( a, tnc2data, tnc2datalen );
data/aprx-2.9.0+dfsg/interface.c:1321:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(t, tnc2data, tnc2datalen);
data/aprx-2.9.0+dfsg/interface.c:1374:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tnc2buf[2800];
data/aprx-2.9.0+dfsg/interface.c:1401:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ax25buf, toaprs, 7); // AX.25 DEST call
data/aprx-2.9.0+dfsg/interface.c:1404:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ax25buf+7, tx_aif->ax25call, 7); // AX.25 SRC call
data/aprx-2.9.0+dfsg/interface.c:1410:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a, digisrc->msgviapath, 7); // AX.25 VIA call for a Message
data/aprx-2.9.0+dfsg/interface.c:1415:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a, digisrc->ax25viapath, 7); // AX.25 VIA call
data/aprx-2.9.0+dfsg/interface.c:1443:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a, tnc2data, tnc2datalen);
data/aprx-2.9.0+dfsg/interface.c:1502:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(t, tnc2data, tnc2datalen);
data/aprx-2.9.0+dfsg/interface.c:1602:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char recipient[10];
data/aprx-2.9.0+dfsg/interface.c:1729:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char destbuf[50];
data/aprx-2.9.0+dfsg/interface.c:1731:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char txt[50];
data/aprx-2.9.0+dfsg/interface.c:1769:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dstname[DSTNAMELEN];
data/aprx-2.9.0+dfsg/interface.c:1818:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char axaddrbuf[128];
data/aprx-2.9.0+dfsg/interface.c:1851:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char viafield[12];
data/aprx-2.9.0+dfsg/interface.c:1861:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a, via, vialen);
data/aprx-2.9.0+dfsg/interface.c:1889:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(viafield, p, len);
data/aprx-2.9.0+dfsg/interface.c:1935:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy( axbuf, axaddrbuf, axlen );
data/aprx-2.9.0+dfsg/interface.c:1938:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(a, txbuf+2, txlen-2); // forget control+pid bytes..
data/aprx-2.9.0+dfsg/kiss.c:373:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->wrbuf + S->wrlen, kissbuf, kisslen);
data/aprx-2.9.0+dfsg/kiss.c:460:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *fp = fopen(aprxlogfile, "a");
data/aprx-2.9.0+dfsg/kiss.c:462:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char timebuf[60];
data/aprx-2.9.0+dfsg/kiss.c:637:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->wrbuf, S->wrbuf + S->wrcursor, len);
data/aprx-2.9.0+dfsg/kiss.c:669:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->wrbuf + S->wrlen, kissbuf, len);
data/aprx-2.9.0+dfsg/kiss.c:695:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->wrbuf, S->wrbuf + S->wrcursor, len);
data/aprx-2.9.0+dfsg/kiss.c:727:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->wrbuf + S->wrlen, kissbuf, kisslen);
data/aprx-2.9.0+dfsg/netax25.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char devname[IFNAMSIZ];
data/aprx-2.9.0+dfsg/netax25.c:61:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char callsign[10];
data/aprx-2.9.0+dfsg/netax25.c:118:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char devname[64];
data/aprx-2.9.0+dfsg/netax25.c:169:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&nax25->ax25addr.sax25_call, ax25call, 7);
data/aprx-2.9.0+dfsg/netax25.c:303:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[512], *s;
data/aprx-2.9.0+dfsg/netax25.c:318:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen("/proc/net/dev", "r");
data/aprx-2.9.0+dfsg/netax25.c:357:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ax25dev.devname, ifr.ifr_name, IFNAMSIZ);
data/aprx-2.9.0+dfsg/netax25.c:358:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ax25dev.ax25addr, ifr.ifr_hwaddr.sa_data, 7); // AX.25 address
data/aprx-2.9.0+dfsg/netax25.c:385:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(d, &ax25dev, sizeof(*d));
data/aprx-2.9.0+dfsg/netax25.c:443:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&nax25p->ax25addr.sax25_call, interface->ax25call, sizeof(interface->ax25call));
data/aprx-2.9.0+dfsg/netax25.c:697:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE *fp = fopen(aprxlogfile, "a");
data/aprx-2.9.0+dfsg/netax25.c:699:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char timebuf[60];
data/aprx-2.9.0+dfsg/netax25.c:715:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[2000];
data/aprx-2.9.0+dfsg/netax25.c:762:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char c0[1];
data/aprx-2.9.0+dfsg/netresolver.c:88:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(&n->sa, ai->ai_addr, ai->ai_addrlen);
data/aprx-2.9.0+dfsg/parse_aprs.c:583:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char dstcall[7];
data/aprx-2.9.0+dfsg/parse_aprs.c:851:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char posbuf[20];
data/aprx-2.9.0+dfsg/parse_aprs.c:867:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(posbuf, body, 19);
data/aprx-2.9.0+dfsg/pbuf.c:214:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(p, tnc2buf, tnc2len);
data/aprx-2.9.0+dfsg/pbuf.c:218:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(pb->ax25addr, ax25buf, ax25len);
data/aprx-2.9.0+dfsg/pbuf.h:116:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char symbol[3]; /* 2(+1) chars of symbol, if any, NUL for not found */
data/aprx-2.9.0+dfsg/pbuf.h:124:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char data[1];
data/aprx-2.9.0+dfsg/ssl.c:181:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char errstr[512];
data/aprx-2.9.0+dfsg/ssl.c:823:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ebuf[255];
data/aprx-2.9.0+dfsg/ssl.c:907:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char ebuf[255];
data/aprx-2.9.0+dfsg/telemetry.c:121:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[200], *s;
data/aprx-2.9.0+dfsg/telemetry.c:123:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char beaconaddr[60];
data/aprx-2.9.0+dfsg/telemetry.c:148:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "T#%03d,", telemetry_seq);
data/aprx-2.9.0+dfsg/telemetry.c:183:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "%.1f,", f);
data/aprx-2.9.0+dfsg/telemetry.c:217:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
    s += sprintf(s, "%.1f,", f);
data/aprx-2.9.0+dfsg/telemetry.c:247:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "%.1f,", f);
data/aprx-2.9.0+dfsg/telemetry.c:276:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "%.1f,", f);
data/aprx-2.9.0+dfsg/telemetry.c:305:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "%.1f,", f);
data/aprx-2.9.0+dfsg/telemetry.c:308:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    s += sprintf(s, "00000000"); // FIXME: flag telemetry?
data/aprx-2.9.0+dfsg/telemetry.c:336:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[200], *s;
data/aprx-2.9.0+dfsg/telemetry.c:338:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char beaconaddr[60];
data/aprx-2.9.0+dfsg/timestamp.c:93:51: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    void encode_aprsis_ntptimestamp(uint64_t ntptime, char timestamp[8])
data/aprx-2.9.0+dfsg/timestamp.c:126:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    int decode_aprsis_ntptimestamp(char timestamp[8], uint64_t *ntptimep)
data/aprx-2.9.0+dfsg/timestamp.c:156:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char timestamp[8];
data/aprx-2.9.0+dfsg/ttyreader.c:263:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->wrbuf, S->wrbuf + S->wrcursor, len);
data/aprx-2.9.0+dfsg/ttyreader.c:288:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->rdbuf, S->rdbuf + S->rdcursor,
data/aprx-2.9.0+dfsg/ttyreader.c:362:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->rdbuf, S->rdbuf + S->rdcursor,
data/aprx-2.9.0+dfsg/ttyreader.c:388:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    S->fd = open(S->ttyname, O_RDWR | O_NOCTTY | O_NONBLOCK, 0);
data/aprx-2.9.0+dfsg/ttyreader.c:436:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(S->wrbuf + S->wrlen, S->initstring[i], S->initlen[i]);
data/aprx-2.9.0+dfsg/ttyreader.c:783:23: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tty->poll_millis = atol(param1); // milliseconds
data/aprx-2.9.0+dfsg/ttyreader.c:832:7: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    i = atol(param1); /* serial port speed - baud rate */
data/aprx-2.9.0+dfsg/ttyreader.c:948:24: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tty->read_timeout = atol(param1);
data/aprx-2.9.0+dfsg/ttyreader.c:954:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tncid = atoi(param1);
data/aprx-2.9.0+dfsg/ttyreader.c:965:23: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    tty->poll_millis = atol(param1); // milliseconds
data/aprx-2.9.0+dfsg/ttyreader.c:993:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(tty->initstring[tncid], param1, parlen);
data/aprx-2.9.0+dfsg/valgrind.c:30:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    void *memcpy(void *dest, const void *src, size_t n) {
data/aprx-2.9.0+dfsg/valgrind.c:46:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(p, s, len);
data/aprx-2.9.0+dfsg/agwpesocket.c:535:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rcvlen = read(com->fd, com->rdbuf + com->rdlen, rcvspace);
data/aprx-2.9.0+dfsg/aprsis.c:387:61: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    aprsis_queue_(A, NULL, qTYPE_LOCALGEN, "", aprsislogincmd, strlen(aprsislogincmd));
data/aprx-2.9.0+dfsg/aprsis.c:458:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    i = read(A->server_socket, A->rdbuf + A->rdbuf_len, rdspace);
data/aprx-2.9.0+dfsg/aprsis.c:544:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i, len, gwlen = strlen(gwcall);
data/aprx-2.9.0+dfsg/aprsis.c:553:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    addrlen = strlen(addr);
data/aprx-2.9.0+dfsg/aprsis.c:1209:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int l1 = (AIH->filterparam != NULL) ? strlen(AIH->filterparam) : 0;
data/aprx-2.9.0+dfsg/aprsis.c:1210:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int l2 = strlen(param1);
data/aprx-2.9.0+dfsg/aprx.c:61:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(1, buf, strlen(buf));
data/aprx-2.9.0+dfsg/aprx.h:56:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    #define strlen aprx_strlen
data/aprx-2.9.0+dfsg/aprx.h:58:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    #define strncpy aprx_strncpy
data/aprx-2.9.0+dfsg/aprx.h:64:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    extern size_t strlen(const char *p);
data/aprx-2.9.0+dfsg/aprx.h:69:16: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    extern char *strncpy(char *dest, const char *src, size_t n);
data/aprx-2.9.0+dfsg/ax25.c:161:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    t += strlen(t);
data/aprx-2.9.0+dfsg/ax25.c:166:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    t += strlen(t);
data/aprx-2.9.0+dfsg/ax25.c:200:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    t += strlen(t);
data/aprx-2.9.0+dfsg/beacon.c:68:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int buflen = strlen(p1) + strlen(str ? str : "") + 10;
data/aprx-2.9.0+dfsg/beacon.c:68:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int buflen = strlen(p1) + strlen(str ? str : "") + 10;
data/aprx-2.9.0+dfsg/beacon.c:338:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(code) != 2) {
data/aprx-2.9.0+dfsg/beacon.c:496:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (code && strlen(code) == 2 && lat && strlen(lat) == 8 &&
data/aprx-2.9.0+dfsg/beacon.c:496:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (code && strlen(code) == 2 && lat && strlen(lat) == 8 &&
data/aprx-2.9.0+dfsg/beacon.c:497:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lon && strlen(lon) == 9) {
data/aprx-2.9.0+dfsg/beacon.c:516:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!code || (code && strlen(code) != 2))
data/aprx-2.9.0+dfsg/beacon.c:518:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!lat || (lat && strlen(lat) != 8))
data/aprx-2.9.0+dfsg/beacon.c:520:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!lon || (lon && strlen(lon) != 9))
data/aprx-2.9.0+dfsg/beacon.c:562:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(bm->msg);
data/aprx-2.9.0+dfsg/beacon.c:766:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((rc = read(bset->exec_fd, bset->exec_buf + bset->exec_buf_length, space)) > 0) {
data/aprx-2.9.0+dfsg/beacon.c:934:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  destlen = strlen(bm->dest) + ((bm->via != NULL) ? strlen(bm->via): 0) +2;
data/aprx-2.9.0+dfsg/beacon.c:934:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  destlen = strlen(bm->dest) + ((bm->via != NULL) ? strlen(bm->via): 0) +2;
data/aprx-2.9.0+dfsg/beacon.c:970:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  txtlen = strlen(txt);
data/aprx-2.9.0+dfsg/beacon.c:979:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = destlen + 12 + strlen(src); // destlen contains bm->via plus room for ",TCPIP*"
data/aprx-2.9.0+dfsg/beacon.c:1009:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aprsis_queue(destbuf, strlen(destbuf),
data/aprx-2.9.0+dfsg/beacon.c:1050:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = destlen + 12 + (src != NULL ? strlen(src) : 0); // destlen contains bm->via, plus room for ",TCPIP*"
data/aprx-2.9.0+dfsg/beacon.c:1110:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  aprsis_queue(destbuf, strlen(destbuf),
data/aprx-2.9.0+dfsg/beacon.c:1232:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(1, buf, strlen(buf));
data/aprx-2.9.0+dfsg/config.c:39:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i = strlen(callsign);
data/aprx-2.9.0+dfsg/config.c:752:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = bufp + strlen(bufp);
data/aprx-2.9.0+dfsg/digipeater.c:300:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int tlen = strlen(aif->callsign);
data/aprx-2.9.0+dfsg/digipeater.c:468:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(viafield,"*"); // we do know that there is space for this.
data/aprx-2.9.0+dfsg/digipeater.c:638:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keylens[nkeys-1] = strlen(k);
data/aprx-2.9.0+dfsg/dprsgw.c:995:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = fgetc(fp);
data/aprx-2.9.0+dfsg/dprsgw.c:1040:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  S.rdlinelen = strlen((void*)S.rdline);
data/aprx-2.9.0+dfsg/dprsgw.c:1045:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  S.rdlinelen = strlen((void*)S.rdline);
data/aprx-2.9.0+dfsg/dprsgw.c:1050:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  S.rdlinelen = strlen((void*)S.rdline);
data/aprx-2.9.0+dfsg/dprsgw.c:1055:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  S.rdlinelen = strlen((void*)S.rdline);
data/aprx-2.9.0+dfsg/dprsgw.c:1061:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  S.rdlinelen = strlen((void*)S.rdline);
data/aprx-2.9.0+dfsg/dprsgw.c:1066:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  S.rdlinelen = strlen((void*)S.rdline);
data/aprx-2.9.0+dfsg/erlang.c:70:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(ErlangHead->mycall, "N0CALL",
data/aprx-2.9.0+dfsg/erlang.c:73:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ErlangHead->mycall, mycall,
data/aprx-2.9.0+dfsg/erlang.c:342:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(E->name, portname, sizeof(E->name) - 1);
data/aprx-2.9.0+dfsg/filter.c:871:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  refbuf[refcount].reflen = strlen(prefixbuf);
data/aprx-2.9.0+dfsg/filter.c:883:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(ff->h.text) + strlen(filt0)+2;
data/aprx-2.9.0+dfsg/filter.c:883:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(ff->h.text) + strlen(filt0)+2;
data/aprx-2.9.0+dfsg/filter.c:888:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = ff->textbuf + strlen(ff->textbuf);
data/aprx-2.9.0+dfsg/filter.c:1143:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  f0.h.u5.refcallsign.reflen = strlen(f0.h.u5.refcallsign.callsign);
data/aprx-2.9.0+dfsg/filter.c:1404:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(f0.h.u5.refcallsign.callsign) < CALLSIGNLEN_MIN ) {
data/aprx-2.9.0+dfsg/filter.c:1411:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  f0.h.u5.refcallsign.reflen = strlen(f0.h.u5.refcallsign.callsign);
data/aprx-2.9.0+dfsg/filter.c:1447:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filt0) < FILT_TEXTBUFSIZE) {
data/aprx-2.9.0+dfsg/filter.c:1453:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  f = calloc(1, sizeof(*f) + strlen(filt0));
data/aprx-2.9.0+dfsg/historydb.c:203:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s = keybuf + strlen(keybuf);
data/aprx-2.9.0+dfsg/historydb.c:248:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keylen = strlen(keybuf);
data/aprx-2.9.0+dfsg/historydb.c:416:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keylen = strlen(keybuf);
data/aprx-2.9.0+dfsg/hlog.c:143:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/aprx-2.9.0+dfsg/hlog.c:144:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = hrealloc(s, len + strlen(buf) + 1);
data/aprx-2.9.0+dfsg/hlog.c:189:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  log_fname = hmalloc(strlen(log_dir) + strlen(log_basename) + 2);
data/aprx-2.9.0+dfsg/hlog.c:189:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  log_fname = hmalloc(strlen(log_dir) + strlen(log_basename) + 2);
data/aprx-2.9.0+dfsg/hlog.c:275:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = hmalloc(strlen(log_fname) + 6);
data/aprx-2.9.0+dfsg/hlog.c:295:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r1 = hmalloc(strlen(log_fname) + 16);
data/aprx-2.9.0+dfsg/hlog.c:296:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r2 = hmalloc(strlen(log_fname) + 16);
data/aprx-2.9.0+dfsg/hlog.c:434:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  accesslog_fname = hmalloc(strlen(accesslog_dir) + strlen(accesslog_basename) + 2);
data/aprx-2.9.0+dfsg/hlog.c:434:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  accesslog_fname = hmalloc(strlen(accesslog_dir) + strlen(accesslog_basename) + 2);
data/aprx-2.9.0+dfsg/interface.c:616:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(host) + strlen(port) + 8;
data/aprx-2.9.0+dfsg/interface.c:616:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(host) + strlen(port) + 8;
data/aprx-2.9.0+dfsg/interface.c:719:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hostname) + strlen(hostport) + strlen(agwpeportnum) + 8;
data/aprx-2.9.0+dfsg/interface.c:719:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hostname) + strlen(hostport) + strlen(agwpeportnum) + 8;
data/aprx-2.9.0+dfsg/interface.c:719:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(hostname) + strlen(hostport) + strlen(agwpeportnum) + 8;
data/aprx-2.9.0+dfsg/interface.c:1611:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pb->dstname_len = strlen(recipient);
data/aprx-2.9.0+dfsg/interface.c:1617:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hist_rx = historydb_lookup(historydb, recipient, strlen(recipient));
data/aprx-2.9.0+dfsg/interface.c:1645:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  history_cell_t *hist_tx = historydb_lookup(historydb, fromcall, strlen(fromcall));
data/aprx-2.9.0+dfsg/interface.c:1698:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dstname, pb->dstname, DSTNAMELEN-1);
data/aprx-2.9.0+dfsg/interface.c:1852:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int vialen = strlen(via);
data/aprx-2.9.0+dfsg/interface.c:1921:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  axaddrbuf, strlen(axaddrbuf),
data/aprx-2.9.0+dfsg/netax25.c:210:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, devname, sizeof(ifr.ifr_name));
data/aprx-2.9.0+dfsg/netax25.c:337:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(ifr.ifr_name, s, IFNAMSIZ-1);
data/aprx-2.9.0+dfsg/netax25.c:716:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (void)read(fd, buf, sizeof(buf));
data/aprx-2.9.0+dfsg/parse_aprs.c:668:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dstcall, d_start, 6);
data/aprx-2.9.0+dfsg/ssl.c:741:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(c->cert_subject, subject, sizeof(c->cert_subject));
data/aprx-2.9.0+dfsg/ssl.c:743:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(c->cert_issuer, issuer, sizeof(c->cert_issuer));
data/aprx-2.9.0+dfsg/telemetry.c:514:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check = tnc2_verify_callsign_format(param1, 0, 1, param1+strlen(param1));
data/aprx-2.9.0+dfsg/ttyreader.c:301:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  i = read(S->fd, S->rdbuf + S->rdlen, rdspace);
data/aprx-2.9.0+dfsg/ttyreader.c:1068:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(host) + strlen(port) + 8;
data/aprx-2.9.0+dfsg/ttyreader.c:1068:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(host) + strlen(port) + 8;
data/aprx-2.9.0+dfsg/valgrind.c:38:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t strlen(const char *p) {
data/aprx-2.9.0+dfsg/valgrind.c:44:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(s)+1;
data/aprx-2.9.0+dfsg/valgrind.c:70:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  char *strncpy(char *dest, const char *src, size_t n) {

ANALYSIS SUMMARY:

Hits = 431
Lines analyzed = 23944 in approximately 0.64 seconds (37123 lines/second)
Physical Source Lines of Code (SLOC) = 15826
Hits@level = [0] 737 [1] 94 [2] 260 [3] 4 [4] 73 [5] 0
Hits@level+ = [0+] 1168 [1+] 431 [2+] 337 [3+] 77 [4+] 73 [5+] 0
Hits/KSLOC@level+ = [0+] 73.8026 [1+] 27.2337 [2+] 21.2941 [3+] 4.86541 [4+] 4.61266 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.