Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/coturn-4.5.1.3/src/server/ns_turn_khash.h
Examining data/coturn-4.5.1.3/src/server/ns_turn_ioalib.h
Examining data/coturn-4.5.1.3/src/server/ns_turn_server.h
Examining data/coturn-4.5.1.3/src/server/ns_turn_allocation.c
Examining data/coturn-4.5.1.3/src/server/ns_turn_allocation.h
Examining data/coturn-4.5.1.3/src/server/ns_turn_maps.h
Examining data/coturn-4.5.1.3/src/server/ns_turn_session.h
Examining data/coturn-4.5.1.3/src/server/ns_turn_maps_rtcp.c
Examining data/coturn-4.5.1.3/src/server/ns_turn_maps.c
Examining data/coturn-4.5.1.3/src/server/ns_turn_maps_rtcp.h
Examining data/coturn-4.5.1.3/src/server/ns_turn_server.c
Examining data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h
Examining data/coturn-4.5.1.3/src/client/ns_turn_msg.c
Examining data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c
Examining data/coturn-4.5.1.3/src/client/ns_turn_msg_defs_experimental.h
Examining data/coturn-4.5.1.3/src/client/ns_turn_msg.h
Examining data/coturn-4.5.1.3/src/client/ns_turn_msg_addr.c
Examining data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.h
Examining data/coturn-4.5.1.3/src/client/ns_turn_msg_addr.h
Examining data/coturn-4.5.1.3/src/client++/TurnMsgLib.h
Examining data/coturn-4.5.1.3/src/apps/peer/udpserver.h
Examining data/coturn-4.5.1.3/src/apps/peer/udpserver.c
Examining data/coturn-4.5.1.3/src/apps/peer/mainudpserver.c
Examining data/coturn-4.5.1.3/src/apps/stunclient/stunclient.c
Examining data/coturn-4.5.1.3/src/apps/relay/tls_listener.h
Examining data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_impl.h
Examining data/coturn-4.5.1.3/src/apps/relay/libtelnet.h
Examining data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c
Examining data/coturn-4.5.1.3/src/apps/relay/turn_ports.h
Examining data/coturn-4.5.1.3/src/apps/relay/mainrelay.h
Examining data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.h
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbdriver.h
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.h
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbdriver.c
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.h
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.h
Examining data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.h
Examining data/coturn-4.5.1.3/src/apps/relay/turn_ports.c
Examining data/coturn-4.5.1.3/src/apps/relay/mainrelay.c
Examining data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.h
Examining data/coturn-4.5.1.3/src/apps/relay/dtls_listener.h
Examining data/coturn-4.5.1.3/src/apps/relay/http_server.c
Examining data/coturn-4.5.1.3/src/apps/relay/userdb.h
Examining data/coturn-4.5.1.3/src/apps/relay/http_server.h
Examining data/coturn-4.5.1.3/src/apps/relay/libtelnet.c
Examining data/coturn-4.5.1.3/src/apps/relay/userdb.c
Examining data/coturn-4.5.1.3/src/apps/relay/netengine.c
Examining data/coturn-4.5.1.3/src/apps/relay/ns_sm.h
Examining data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c
Examining data/coturn-4.5.1.3/src/apps/relay/tls_listener.c
Examining data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c
Examining data/coturn-4.5.1.3/src/apps/common/apputils.c
Examining data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.h
Examining data/coturn-4.5.1.3/src/apps/common/stun_buffer.c
Examining data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c
Examining data/coturn-4.5.1.3/src/apps/common/apputils.h
Examining data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.h
Examining data/coturn-4.5.1.3/src/apps/common/ns_turn_openssl.h
Examining data/coturn-4.5.1.3/src/apps/common/stun_buffer.h
Examining data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c
Examining data/coturn-4.5.1.3/src/apps/oauth/oauth.c
Examining data/coturn-4.5.1.3/src/apps/natdiscovery/natdiscovery.c
Examining data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c
Examining data/coturn-4.5.1.3/src/apps/uclient/uclient.h
Examining data/coturn-4.5.1.3/src/apps/uclient/startuclient.c
Examining data/coturn-4.5.1.3/src/apps/uclient/session.h
Examining data/coturn-4.5.1.3/src/apps/uclient/startuclient.h
Examining data/coturn-4.5.1.3/src/apps/uclient/uclient.c
Examining data/coturn-4.5.1.3/src/ns_turn_defs.h
FINAL RESULTS:
data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c:213:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(rm.arg, sizeof(rm.arg)-1, format, args);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:184:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s+slen,sizeof(s)-slen-1,format, args);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:189:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s+slen,sizeof(s)-slen-1,format, args);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:526:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s+sz, sizeof(s)-1-sz, format, args);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:887:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(_k, opt);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:997:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(field_name, "%s_peer_ip", kind);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:98:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(last,(char*)outdata);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:100:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out,last);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:30:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:132:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), fmt, va);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1366:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rs = vsnprintf(buffer, sizeof(buffer), fmt, va);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1374:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rs = vsnprintf(output, rs + 1, fmt, va);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1431:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rs = vsnprintf(buffer, sizeof(buffer), fmt, va);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1439:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rs = vsnprintf(output, rs + 1, fmt, va);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.h:59:55: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define TELNET_GNU_PRINTF(f,a) __attribute__((format(printf, f, a))) /*!< internal helper */
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1058:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char*)returnedKey, key);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1111:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(last,(char*)outdata);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:205:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(cs->f, format, args);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1828:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(s,sizeof(s)-1,format, args);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2065:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define OAUTH_ERROR(...) fprintf(stderr,__VA_ARGS__)
data/coturn-4.5.1.3/src/ns_turn_defs.h:132:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(((char*)(dst)),(const char*)(src));\
data/coturn-4.5.1.3/src/apps/common/apputils.c:762:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *_var = getenv("_");
data/coturn-4.5.1.3/src/apps/common/apputils.c:912:2: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom((unsigned int) (turn_getRandTime() + (unsigned int)((long)(&turn_getRandTime))));
data/coturn-4.5.1.3/src/apps/natdiscovery/natdiscovery.c:641:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "mftcPHp:L:l:A:T:")) != -1) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:275:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt_long(argc, argv, "hvedi:j:k:l:m:n:o:p:q:r:t:u:",long_options, &option_index)) != -1) {
data/coturn-4.5.1.3/src/apps/peer/mainudpserver.c:68:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "d:p:L:v")) != -1)
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:128:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *home=getenv("HOME");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1038:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(times.tv_nsec);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1757:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt_long(argc, argv, ADMIN_OPTIONS, uo.u.o, NULL)) != -1)) {
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2165:16: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt_long(argc, argv, OPTIONS, uo.u.o, NULL)) != -1)) {
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2221:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt_long(argc, argv, OPTIONS, uo.u.o, NULL)) != -1)) {
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2247:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while (((c = getopt_long(argc, argv, OPTIONS, uo.u.o, NULL)) != -1)) {
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3776:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r->id = (uint32_t)random();
data/coturn-4.5.1.3/src/apps/relay/turn_ports.c:93:72: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint16_t port1 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)random())%((unsigned long)size)));
data/coturn-4.5.1.3/src/apps/relay/turn_ports.c:94:72: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint16_t port2 = (uint16_t)(tp->low + (uint16_t)(((unsigned long)random())%((unsigned long)size)));
data/coturn-4.5.1.3/src/apps/stunclient/stunclient.c:423:15: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "p:L:f")) != -1) {
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:184:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "a:d:p:l:n:L:m:e:r:u:w:i:k:z:W:C:E:F:o:bZvsyhcxXgtTSAPDNOUMRIGBJ")) != -1) {
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:63:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (((unsigned long)random()) %1000 == 777);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:70:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return ((((unsigned long)random()) %1000) < 200);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:88:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int ctxtype = (int)(((unsigned long)random())%root_tls_ctx_num);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:397:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ep = (((uint8_t)random()) % 2);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:597:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int close_now = (int)(random()%2);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:600:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int close_socket = (int)(random()%2);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:654:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int t = ((uint8_t)random())%3;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:756:80: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
*chn = stun_set_channel_bind_request(&request_message, peer_addr, (uint16_t)random());
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1031:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() % 2 == 0)
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1036:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int maxi = (unsigned short)random() % EXTRA_CREATE_PERMS;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1039:33: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int port = (unsigned short)random();
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1043:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1043:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1061:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() % 2 == 0)
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1066:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int maxi = (unsigned short)random() % EXTRA_CREATE_PERMS;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1070:49: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
addr_set_port(&arbaddr[i], (unsigned short)random());
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1072:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1072:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1081:16: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int before=(random()%2 == 0);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1097:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() % 2 == 0)
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1102:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int maxi = (unsigned short)random() % EXTRA_CREATE_PERMS;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1106:49: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
addr_set_port(&arbaddr[i], (unsigned short)random());
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1108:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1108:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1269:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() % 2 == 0)
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1274:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int maxi = (unsigned short)random() % EXTRA_CREATE_PERMS;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1277:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int port = (unsigned short)random();
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1281:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1281:55: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1293:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() % 2 == 0)
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1298:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int maxi = (unsigned short)random() % EXTRA_CREATE_PERMS;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1302:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
addr_set_port(&arbaddr[i], (unsigned short)random());
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1304:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1304:55: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1336:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random() % 2 == 0)
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1341:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int maxi = (unsigned short)random() % EXTRA_CREATE_PERMS;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1343:45: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
addr_set_port(&arbaddr, (unsigned short)random());
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1345:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1345:55: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
u[(unsigned short)random()%4] = u[(unsigned short)random()%4] + 1;
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:200:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if(random()%10 == 0) {
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:201:34: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int np = (int)((unsigned long)random()%10);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:203:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int pos = (int)((unsigned long)random()%(unsigned long)message->len);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:204:36: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int val = (int)((unsigned long)random()%256);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:703:39: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
tcp_data_connect(elem,(uint64_t)random());
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:893:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int i = (unsigned int)(random()) % elem->pinfo.tcp_conn_number;
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1240:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int t = ((uint8_t)random())%3;
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1531:65: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
elems[i]->to_send_timems = current_mstime + 1000 + ((uint32_t)random())%5000;
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1615:26: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
cok=((unsigned short)random())%3;
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1624:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random_lifetime = random();
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:100:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ret = random();
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:110:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ar[i] = (uint32_t)random();
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2465:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
nonce[i] = (unsigned char)random();
data/coturn-4.5.1.3/src/apps/common/apputils.c:86:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[65536];
data/coturn-4.5.1.3/src/apps/common/apputils.c:281:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[129];
data/coturn-4.5.1.3/src/apps/common/apputils.c:781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char absfn[1025];
data/coturn-4.5.1.3/src/apps/common/apputils.c:816:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(config_file, "r");
data/coturn-4.5.1.3/src/apps/common/apputils.c:832:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fn, "r");
data/coturn-4.5.1.3/src/apps/common/apputils.c:862:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "r");
data/coturn-4.5.1.3/src/apps/common/apputils.c:1069:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(raw->as_rs_alg,oakd->as_rs_alg,sizeof(oakd->as_rs_alg));
data/coturn-4.5.1.3/src/apps/common/apputils.c:1070:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(raw->kid,oakd->kid,sizeof(oakd->kid));
data/coturn-4.5.1.3/src/apps/common/apputils.c:1076:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ikm_key,oakd->ikm_key,ikm_key_size);
data/coturn-4.5.1.3/src/apps/common/apputils.h:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kid[OAUTH_KID_SIZE+1];
data/coturn-4.5.1.3/src/apps/common/apputils.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ikm_key[OAUTH_KEY_SIZE+1];
data/coturn-4.5.1.3/src/apps/common/apputils.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_rs_alg[OAUTH_ALG_SIZE+1];
data/coturn-4.5.1.3/src/apps/common/apputils.h:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[STUN_MAX_REALM_SIZE+1];
data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[513];
data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[513];
data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c:209:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rm.format+strlen(rm.format),"%s");
data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[256];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_RTPPRINTF_BUFFER_SIZE+1];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:203:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[INET6_ADDRSTRLEN];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:237:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char log_fn[FILE_STR_LEN]="\0";
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:238:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char log_fn_base[FILE_STR_LEN]="\0";
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logdate[125];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:373:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_rtpfile = fopen(log_fn, "a");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logbase[FILE_STR_LEN];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logtail[FILE_STR_LEN];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:389:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logf[FILE_STR_LEN];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:401:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_rtpfile = fopen(logf, "a");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:409:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_rtpfile = fopen(logf, "a");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:417:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_rtpfile = fopen(logf, "a");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:424:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_rtpfile = fopen(logf, "a");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:430:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_rtpfile = fopen(logf, "a");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:466:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(log_fn,"r");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logf[FILE_STR_LEN];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:488:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
_rtpfile = fopen(logf, "w");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_RTPPRINTF_BUFFER_SIZE+1];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:622:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char otmp[STUN_MAX_ORIGIN_SIZE+STUN_MAX_ORIGIN_SIZE];
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:623:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(scheme,otmp,schlen);
data/coturn-4.5.1.3/src/apps/natdiscovery/natdiscovery.c:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_addr_string[256]="\0";
data/coturn-4.5.1.3/src/apps/natdiscovery/natdiscovery.c:616:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local2_addr_string[256]="\0";
data/coturn-4.5.1.3/src/apps/natdiscovery/natdiscovery.c:662:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
remote_port = atoi(optarg);
data/coturn-4.5.1.3/src/apps/natdiscovery/natdiscovery.c:668:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
local_port = atoi(optarg);
data/coturn-4.5.1.3/src/apps/natdiscovery/natdiscovery.c:674:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timer = atoi(optarg);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:83:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[1025] = "\0";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:145:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(etoken.token,tmp,etoken.size);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gcm_nonce[OAUTH_GCM_NONCE_SIZE+1]="";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mac_key[OAUTH_MAC_KEY_SIZE+1]="";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kid[OAUTH_LTK_ID_SIZE+1] = "";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base64encoded_ltk[OAUTH_LTK_BASE64ENCODED_SIZE+1]="";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_rs_alg[OAUTH_AS_RS_ALG_SIZE+1]="A256GCM";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_name[OAUTH_SERVER_NAME_SIZE+1] = "";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base64encoded_etoken[OAUTH_TOKEN_SIZE]="";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hmac_alg[OAUTH_HMAC_ALG_SIZE+1]="HMAC-SHA1";
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:319:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key_timestamp = atoi(optarg);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:323:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
key_lifetime=atoi(optarg);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:358:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
token_lifetime=atoi(optarg);
data/coturn-4.5.1.3/src/apps/peer/mainudpserver.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[1025] = "\0";
data/coturn-4.5.1.3/src/apps/peer/mainudpserver.c:74:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/coturn-4.5.1.3/src/apps/peer/udpserver.h:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[1025];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:225:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kval[sizeof(hmackey_t) + sizeof(hmackey_t) + 1];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:226:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value, kval, sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:553:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:558:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:693:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub_collection_name[129];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:886:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(_k, "options.");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:996:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field_name[129];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:1024:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[513];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:80:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[8] = {0}; //changed
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:82:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outdata[256]; //changed
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last[1024]="";
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:165:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->port = (unsigned int)atoi(seq+1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:167:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->port = (unsigned int)atoi(seq+1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:169:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->connect_timeout = (unsigned int)atoi(seq+1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:171:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->connect_timeout = (unsigned int)atoi(seq+1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:173:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->read_timeout = (unsigned int)atoi(seq+1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:325:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_secret[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:326:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[0],auth_secret,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:347:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:368:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kval[sizeof(hmackey_t)+sizeof(hmackey_t)+1];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:369:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[0],kval,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:412:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[0],key->ikm_key,lengths[0]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:415:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stimestamp[128];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:416:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[1],stimestamp,lengths[1]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:420:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slifetime[128];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:421:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[2],slifetime,lengths[2]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:425:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[3],key->as_rs_alg,lengths[3]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:428:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[4],key->realm,lengths[4]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:448:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:468:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[0],key->ikm_key,lengths[0]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:471:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stimestamp[128];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:472:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[1],stimestamp,lengths[1]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:476:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slifetime[128];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:477:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[2],slifetime,lengths[2]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:481:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[3],key->as_rs_alg,lengths[3]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:484:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[4],key->realm,lengths[4]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:487:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[5],key->kid,lengths[5]);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:495:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:500:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:548:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:573:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:589:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:606:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:666:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:739:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:789:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:836:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:887:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:913:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:955:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:975:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1001:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kval[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1002:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[0],kval,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1005:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rval[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1006:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[1],rval,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1026:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1045:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oval[513];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1046:10: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[0],oval,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1107:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rval[513];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1109:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[0],rval,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1111:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oval[513];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1113:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[1],oval,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1115:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vval[513];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1117:9: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(row[2],vval,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1123:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.total_quota = (vint)atoi(vval);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1125:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.user_quota = (vint)atoi(vval);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:98:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:161:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:221:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:226:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:547:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:577:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:620:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:687:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:707:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:743:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:819:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.total_quota = (vint)atoi(vval);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:821:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.user_quota = (vint)atoi(vval);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:847:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:875:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:904:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:129:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->port = (unsigned int) atoi(seq + 1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:131:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->port = (unsigned int) atoi(seq + 1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:133:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->connect_timeout = (unsigned int) atoi(seq + 1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:135:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
co->connect_timeout = (unsigned int) atoi(seq + 1);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:187:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[256] = "\0";
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:220:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[513];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:251:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ret = redisLibeventAttach(base, co->host, co->port, co->password, atoi(co->dbname));
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:296:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[256] = "\0";
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1025];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:387:29: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*value = (unsigned long)atol(rget->str);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:432:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:461:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:503:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:516:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:530:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:675:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:680:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:718:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[257];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:810:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:834:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:853:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:868:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:955:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1050:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1058:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[257];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1025];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1230:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:344:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:373:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:378:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt[256];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:413:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:444:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:537:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:698:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:793:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:847:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:878:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:937:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1020:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1112:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.total_quota = (vint)atoi(vval);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1114:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.user_quota = (vint)atoi(vval);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char statement[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbdriver.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is[3];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[1025];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:140:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *buffer, result[EVP_MAX_MD_SIZE];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:144:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:180:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + sizeof(peer.s4.sin_port),
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer,
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + sizeof(in_port_t),
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cookie, result, resultlength);
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:215:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[COOKIE_SECRET_LENGTH];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:529:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sl[129];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:530:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sr[129];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:674:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[65535];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:784:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/dtls_listener.c:862:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/http_server.c:63:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data_http[1025];
data/coturn-4.5.1.3/src/apps/relay/http_server.c:64:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_http[1025];
data/coturn-4.5.1.3/src/apps/relay/http_server.c:69:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(data_http,data,len_http);
data/coturn-4.5.1.3/src/apps/relay/http_server.c:82:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer_date[256];
data/coturn-4.5.1.3/src/apps/relay/http_server.c:83:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer_header[1025];
data/coturn-4.5.1.3/src/apps/relay/http_server.c:110:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(post_data, data, data_len);
data/coturn-4.5.1.3/src/apps/relay/http_server.c:122:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty[1];
data/coturn-4.5.1.3/src/apps/relay/http_server.c:345:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(str,sb->buffer+sb->sz,len+1);
data/coturn-4.5.1.3/src/apps/relay/http_server.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssz[129];
data/coturn-4.5.1.3/src/apps/relay/http_server.c:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssz[129];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char deflate_buffer[1024];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:326:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[3];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:784:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, buffer + 1, size - 1);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inflate_buffer[1024];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1170:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[2];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1183:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[3];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1288:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sb[3];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1299:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[5];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1361:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char STUN_ALPN[128] = "stun.nat-discovery";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TURN_ALPN[128] = "stun.turn";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:54:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HTTP_ALPN[128] = "http/1.1";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:183:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char procusername[1025]="\0";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:184:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char procgroupname[1025]="\0";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[INET6_ADDRSTRLEN] = "";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[INET6_ADDRSTRLEN] = "";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[INET6_ADDRSTRLEN] = "";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:978:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int init_ctr(struct ctr_state *state, const unsigned char iv[8]){
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:982:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->ivec, iv, 8);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1007:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[8] = {0}; //changed
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1008:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[1024]; //changed
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1010:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char total[256];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1035:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[16];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1054:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr = fopen(filePath, "w");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1093:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[8] = {0};
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1095:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outdata[256];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1100:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char last[1024]="";
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1119:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(s);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1171:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ne = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1190:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cli_max_output_sessions = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1209:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cli_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1225:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
web_admin_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1259:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) {
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1262:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
} else if(atoi(value)<=0) {
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1265:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.general_relay_servers_number = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1275:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.listener_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1278:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.tls_listener_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1281:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.alt_listener_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1284:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.alt_tls_listener_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1287:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.tcp_proxy_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1291:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.min_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1294:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.max_port = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1318:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TURN_MAX_ALLOCATE_TIMEOUT = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1319:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TURN_MAX_ALLOCATE_TIMEOUT_STUN_ONLY = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1476:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.user_quota = (vint)atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1477:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
get_realm(NULL)->options.perf_options.user_quota = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1480:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.total_quota = (vint)atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1481:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
get_realm(NULL)->options.perf_options.total_quota = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1631:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char config_file[1025] = DEFAULT_CONFIG_FILE;
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1663:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(full_path_to_config_file, "r");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1667:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1668:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sarg[1035];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1742:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char generated_key[16]; //changed
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1761:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[257];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1778:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
po.user_quota = (vint)atoi(optarg);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1781:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
po.total_quota = (vint)atoi(optarg);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1784:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
po.max_bps = (vint)atoi(optarg);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1893:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[257];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1908:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr = fopen((char*)optarg, "r");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2049];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2424:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(turn_params.pidfile,"w");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2442:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(*ppfs,"w");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2478:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char some_buffer[65536];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2578:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = full_path_to_file ? fopen(full_path_to_file,"r") : NULL;
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2918:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *paramfile = fopen(turn_params.dh_file, "r");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2962:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(turn_params.secret_key_file, "r");
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cipher_list[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ec_curve_name[33];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ca_cert_file[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cert_file[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:199:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkey_file[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tls_password[513];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dh_file[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidfile[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listener_ifname[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char redis_statsdb[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char relay_ifname[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:278:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oauth_server_name[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:324:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char secret_key_file[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:325:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char secret_key[1025];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:385:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ivec[16];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:387:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ecount[16];
data/coturn-4.5.1.3/src/apps/relay/mainrelay.h:396:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int init_ctr(struct ctr_state *state, const unsigned char iv[8]);
data/coturn-4.5.1.3/src/apps/relay/netengine.c:364:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbaddr[129];
data/coturn-4.5.1.3/src/apps/relay/netengine.c:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbaddr[129];
data/coturn-4.5.1.3/src/apps/relay/netengine.c:467:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(key,am.key,sizeof(hmackey_t));
data/coturn-4.5.1.3/src/apps/relay/netengine.c:917:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ioa_network_buffer_data(nbh),ioa_network_buffer_data(mm.m.tc.nbh),ioa_network_buffer_get_size(nbh));
data/coturn-4.5.1.3/src/apps/relay/netengine.c:1205:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/netengine.c:1324:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/netengine.c:1405:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/netengine.c:1481:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:203:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sraddr[129]="\0";
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:204:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sladdr[129]="\0";
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:320:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(buf,buf_elem->buf.buf,len);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:417:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ptv,&(e->predef_timers[t]),sizeof(struct timeval));
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:1136:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(sa,&client_addr,socklen);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:1907:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:1949:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[65536];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[12];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2199:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&remote.sin_addr.s_addr, &buf[16], 4);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&local.sin_addr.s_addr, &buf[20], 4);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&remote.sin_port, &buf[24], 2);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2202:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&local.sin_port, &buf[26], 2);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&remote.sin6_addr.s6_addr, &buf[16], 16);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2211:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&local.sin6_addr.s6_addr, &buf[32], 16);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2212:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&remote.sin6_port, &buf[48], 2);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&local.sin6_port, &buf[50], 2);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2733:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char some_buffer[8192];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2825:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sraddr[129]="\0";
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2852:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sraddr[129]="\0";
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2859:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2863:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2867:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2871:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:2883:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[256];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3011:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3234:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sfrom[129];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3236:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sto[129];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3311:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[129];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3605:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3633:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3677:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1024];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_impl.h:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmsg[TURN_CMSG_SZ+1];
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_impl.h:164:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char relay_ifname[1025];
data/coturn-4.5.1.3/src/apps/relay/tls_listener.c:48:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[1025];
data/coturn-4.5.1.3/src/apps/relay/tls_listener.c:79:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(sa,&(server->sm.m.sm.nd.src_addr),socklen);
data/coturn-4.5.1.3/src/apps/relay/tls_listener.c:146:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(sa,&(server->sm.m.sm.nd.src_addr),socklen);
data/coturn-4.5.1.3/src/apps/relay/tls_listener.c:220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cli_password[CLI_PASSWORD_LENGTH] = "";
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[STUN_MAX_REALM_SIZE+1];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origin[STUN_MAX_ORIGIN_SIZE+1];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:300:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:387:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.total_quota = atoi(pn+strlen("total-quota"));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:391:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.user_quota = atoi(pn+strlen("user-quota"));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:403:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cli_max_output_sessions = atoi(pn+strlen("cli-max-output-sessions"));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:609:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[1025];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:671:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wd[1025];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:937:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(buf0,buf,len);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1022:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cs->f = fopen(cmd,"w");
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1392:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1555:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sbat[1025];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1601:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bad_realm[1025] = "_ERROR:UNKNOWN_REALM__";
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1612:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bad_eff_realm[1025] = "_ERROR:UNKNOWN_REALM__";
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1827:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1025]="\0";
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1896:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1908:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1949:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1025];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1999:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.total_quota = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:2001:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
turn_params.user_quota = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:2015:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.total_quota = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:2018:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rp->options.perf_options.user_quota = atoi(value);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:2071:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wd[1025];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:2384:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1025];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:2390:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1025];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3018:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[1025] = "\0";
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3303:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[STUN_MAX_REALM_SIZE+1]="\0";
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3467:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skey[sizeof(hmackey_t) * 2 + 1];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_login[ADMIN_USER_MAX_LENGTH + 1];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_realm[STUN_MAX_REALM_SIZE + 1];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_eff_realm[STUN_MAX_REALM_SIZE + 1];
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.h:92:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cli_password[CLI_PASSWORD_LENGTH];
data/coturn-4.5.1.3/src/apps/relay/userdb.c:120:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&(default_realm_params_ptr->options),ro,sizeof(realm_options_t));
data/coturn-4.5.1.3/src/apps/relay/userdb.c:145:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(default_realm_params_ptr,ret,sizeof(realm_params_t));
data/coturn-4.5.1.3/src/apps/relay/userdb.c:162:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(get_realm(name),rp,sizeof(realm_params_t));
data/coturn-4.5.1.3/src/apps/relay/userdb.c:176:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&(rp.options),ro,sizeof(realm_options_t));
data/coturn-4.5.1.3/src/apps/relay/userdb.c:190:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&(rp.options),ro,sizeof(realm_options_t));
data/coturn-4.5.1.3/src/apps/relay/userdb.c:348:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts = (turn_time_t)atol(col+1);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:352:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts = (turn_time_t)atol(usname);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:360:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ts = (turn_time_t)atol(usname);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:447:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[1025] = "\0";
data/coturn-4.5.1.3/src/apps/relay/userdb.c:468:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value,etoken.token,(size_t)len);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:518:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(dot.enc_block.mac_key,key,dot.enc_block.key_length);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:625:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ukey,key,sz);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:650:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(am.in_buffer),in_buffer,sizeof(ioa_net_data));
data/coturn-4.5.1.3/src/apps/relay/userdb.c:894:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skey[sizeof(hmackey_t) * 2 + 1];
data/coturn-4.5.1.3/src/apps/relay/userdb.c:1058:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[1025];
data/coturn-4.5.1.3/src/apps/relay/userdb.h:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userdb[TURN_LONG_STRING_SIZE];
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char server_name[33] = "blackdow.carleon.gov";
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char long_term_key[33] = "HGkj32KJGiuy098sdfaqbNjOiaz71923";
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:77:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char mac_key[33] = "ZksjpweoixXmvn67534m";
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:82:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char kid[33] = "2783466234";
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char gcm_nonce[OAUTH_GCM_NONCE_SIZE+1] = "h4j3k2l2n4b5";
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:126:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[1025] = "\0";
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, reqstc, sizeof(reqstc));
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:258:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*) upwd, "VOkJxbRl1RmTxUk/WvJxBt");
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:314:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, reqltc, sizeof(reqltc));
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:317:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uname, user, sizeof(user));
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:319:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*) realm, "example.org");
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:320:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*) upwd, "TheMatrIX");
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:321:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)nonce,"f//499k954d6OL34oL9FSTvy64sA");
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:345:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tid.tsx_id,"\x78\xad\x34\x33\xc6\xad\x72\xc0\x29\xda\x41\x2e",12);
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, respv4, sizeof(respv4));
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:426:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*) upwd, "VOkJxbRl1RmTxUk/WvJxBt");
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:497:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, respv6, sizeof(respv6));
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:514:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*) upwd, "VOkJxbRl1RmTxUk/WvJxBt");
data/coturn-4.5.1.3/src/apps/stunclient/stunclient.c:414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_addr[256]="\0";
data/coturn-4.5.1.3/src/apps/stunclient/stunclient.c:429:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_auth_secret[1025]="\0";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ca_cert_file[1025]="";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:70:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cipher_suite[1025]="";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:71:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cert_file[1025]="";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:72:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkey_file[1025]="";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:77:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char client_ifname[1025] = "";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origin[STUN_MAX_ORIGIN_SIZE+1] = "\0";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_addr[256];
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer_address[129] = "\0";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:195:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[1025] = "\0";
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:261:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
RTP_PACKET_INTERVAL = atoi(optarg);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:285:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clmessage_length = atoi(optarg);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:291:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
messagenumber = atoi(optarg);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:294:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
port = atoi(optarg);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:303:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
peer_port = atoi(optarg);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:315:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mclient = atoi(optarg);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:382:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char new_uname[1025];
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:417:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(pwd,g_upwd,pwd_length);
data/coturn-4.5.1.3/src/apps/uclient/session.h:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lsaddr[129];
data/coturn-4.5.1.3/src/apps/uclient/session.h:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rsaddr[129];
data/coturn-4.5.1.3/src/apps/uclient/session.h:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[129];
data/coturn-4.5.1.3/src/apps/uclient/session.h:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_mobile_id[33];
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:159:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1025];
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:320:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(smid_val, clnet_info->s_mobile_id, (size_t)smid_len);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:481:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&raddr, relay_addr,sizeof(ioa_addr));
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:613:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(clnet_info,&ci,sizeof(ci));
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:845:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129]="\0";
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:966:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_address[1025];
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:1181:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remote_address[1025];
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer_to_send[65536]="\0";
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:268:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:465:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:535:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:681:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((elem->in_buffer.buf), &mi, sizeof(message_info));
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:733:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(data, &mi, sizeof(message_info));
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:789:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(elem->in_buffer.buf + 4, &mi, sizeof(message_info));
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:877:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(elem->out_buffer.buf, buffer_to_send, clmessage_length);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:902:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(elem->out_buffer.buf+4,buffer_to_send,clmessage_length);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1647:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(otoken.enc_block.mac_key,clnet_info->key,otoken.enc_block.key_length);
data/coturn-4.5.1.3/src/apps/uclient/uclient.h:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cert_file[1025];
data/coturn-4.5.1.3/src/apps/uclient/uclient.h:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char pkey_file[1025];
data/coturn-4.5.1.3/src/apps/uclient/uclient.h:65:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char g_auth_secret[1025];
data/coturn-4.5.1.3/src/apps/uclient/uclient.h:72:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char client_ifname[1025];
data/coturn-4.5.1.3/src/apps/uclient/uclient.h:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char origin[STUN_MAX_ORIGIN_SIZE+1];
data/coturn-4.5.1.3/src/client++/TurnMsgLib.h:214:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(ptr,_value,_sz);
data/coturn-4.5.1.3/src/client++/TurnMsgLib.h:244:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value,_value,_sz);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:110:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&(addr->s6.sin6_addr), &a, sizeof(a));
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:126:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&(addr->s6.sin6_addr), &a, sizeof(a));
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:134:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(src,dst,sizeof(ioa_addr));
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:139:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(src,dst,sizeof(struct sockaddr_in));
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:144:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(src,dst,sizeof(struct sockaddr_in6));
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssaddr[257];
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:250:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(addr_result->ai_addr, addr, addr_result->ai_addrlen);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:258:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(addr_result->ai_addr, addr, addr_result->ai_addrlen);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:296:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*port = atoi(tail);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:308:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*port = atoi(tail);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrtmp[INET6_ADDRSTRLEN];
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:370:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrtmp[MAX_IOA_ADDR_STRING];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:90:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(s,smethod,strlen(s)+1);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:291:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[PWD_SALT_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:295:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(orig_salt,salt,PWD_SALT_SIZE);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:298:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rsalt[PWD_SALT_SIZE*2+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:303:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((char*)rsalt,result+3,PWD_SALT_SIZE+PWD_SALT_SIZE);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:317:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[129];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:333:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[129];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sc[3];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:370:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[PWD_SALT_SIZE];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc_pin[257];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:529:11: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(val+4, err_msg, msg_len);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:556:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value,realm,vlen);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:567:10: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value,server_name,vlen);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:580:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value,nonce,vlen);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1212:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((const void*)(id2->tsx_id),(void*)(id1->tsx_id),STUN_TID_SIZE);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1217:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((const void*)(id->tsx_id),s,STUN_TID_SIZE);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1223:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(s,(void*)(id->tsx_id),STUN_TID_SIZE);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1335:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value, &token, sizeof(uint64_t));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1465:16: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(alen>0) bcopy(avalue,attr_start+4,alen);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2146:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(key,new_key,new_key_size);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2156:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(oakd0,&oakd_obj,sizeof(oauth_key_data));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2183:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(oakd->ikm_key,key->ikm_key,sizeof(key->ikm_key));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2475:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char orig_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2478:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[OAUTH_GCM_NONCE_SIZE];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2480:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(nonce0,nonce,sizeof(nonce));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2490:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(nonce,orig_field+len,OAUTH_GCM_NONCE_SIZE);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2496:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(dtoken->enc_block.mac_key,orig_field+len,dtoken->enc_block.key_length);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2543:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(orig_field,encoded_field,OAUTH_GCM_NONCE_SIZE + 2);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2575:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char snl[2];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2576:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((const unsigned char*)(etoken->token),snl,2);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2591:17: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(nonce,dtoken->enc_block.nonce,nonce_len);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2593:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tag[OAUTH_GCM_TAG_SIZE];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2594:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(((const unsigned char*)etoken->token) + nonce_len + 2 + encoded_field_size, tag ,sizeof(tag));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2596:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char decoded_field[MAX_ENCODED_OAUTH_TOKEN_SIZE];
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2673:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(decoded_field+len,dtoken->enc_block.mac_key,dtoken->enc_block.key_length);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2677:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((decoded_field+len),&ts,sizeof(ts));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2682:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy((decoded_field+len),<,sizeof(lt));
data/coturn-4.5.1.3/src/client/ns_turn_msg_addr.c:99:7: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&ca->s6.sin6_addr, ((uint8_t*)cfield)+4, 16);
data/coturn-4.5.1.3/src/client/ns_turn_msg_addr.c:152:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(((const uint8_t*)cfield)+4, &ca->s6.sin6_addr, 16);
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kid[OAUTH_KID_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ikm_key[OAUTH_KEY_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_rs_alg[OAUTH_ALG_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kid[OAUTH_KID_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:225:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ikm_key[OAUTH_KEY_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:230:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char as_rs_key[OAUTH_KEY_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auth_key[OAUTH_KEY_SIZE+1];
data/coturn-4.5.1.3/src/client/ns_turn_msg_defs.h:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[MAX_ENCODED_OAUTH_TOKEN_SIZE];
data/coturn-4.5.1.3/src/server/ns_turn_allocation.c:176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[257]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_allocation.c:302:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[129];
data/coturn-4.5.1.3/src/server/ns_turn_allocation.c:581:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(tid,&(tc->tid),sizeof(stun_tid));
data/coturn-4.5.1.3/src/server/ns_turn_ioalib.h:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[257];
data/coturn-4.5.1.3/src/server/ns_turn_ioalib.h:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[513];
data/coturn-4.5.1.3/src/server/ns_turn_maps.c:986:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(key,elem->key,elem->key_size);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:312:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/server/ns_turn_server.c:330:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[129];
data/coturn-4.5.1.3/src/server/ns_turn_server.c:645:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(s, dst, output_length);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:899:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[257]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1053:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(value,username,ulen);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1476:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(orig_ss->nonce,ss->nonce,sizeof(ss->nonce));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1478:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(&(orig_ss->realm_options),&(ss->realm_options),sizeof(ss->realm_options));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1479:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(orig_ss->username,ss->username,sizeof(ss->username));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1481:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(orig_ss->hmackey,ss->hmackey,sizeof(ss->hmackey));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1483:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(orig_ss->origin,ss->origin,sizeof(ss->origin));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1485:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(orig_ss->pwd,ss->pwd,sizeof(ss->pwd));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smid[sizeof(ss->s_mobile_id)] = "\0";
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1543:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(smid_val, smid, (size_t)smid_len);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:2040:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ls[257]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_server.c:2041:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rs[257]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_server.c:2073:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(data_test,data,len_test);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3275:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(hmackey,ss->hmackey,sizeof(hmackey_t));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3279:5: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(pwd,ss->pwd,sizeof(password_t));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3389:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(stun_attr_get_value(sar),realm,alen);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3431:2: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(stun_attr_get_value(sar),usname,alen);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3471:3: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(stun_attr_get_value(sar),nonce,alen);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3658:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(stun_attr_get_value(sar),o,sarlen);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3684:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smethod[129];
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3693:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smethod[129];
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3714:8: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(stun_attr_get_value(sar),o,sarlen);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4034:6: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(get_version(server),software,oldsz);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4088:4: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
bcopy(get_version(server),software,oldsz);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sraddr[129]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4177:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sladdr[129]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sraddr[129]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sladdr[129]="\0";
data/coturn-4.5.1.3/src/server/ns_turn_session.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[STUN_MAX_REALM_SIZE + 1];
data/coturn-4.5.1.3/src/server/ns_turn_session.h:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origin[STUN_MAX_ORIGIN_SIZE + 1];
data/coturn-4.5.1.3/src/server/ns_turn_session.h:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_mobile_id[33];
data/coturn-4.5.1.3/src/server/ns_turn_session.h:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char saddr[TURN_ADDR_STR_SIZE];
data/coturn-4.5.1.3/src/server/ns_turn_session.h:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tls_method[17];
data/coturn-4.5.1.3/src/server/ns_turn_session.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tls_cipher[65];
data/coturn-4.5.1.3/src/server/ns_turn_session.h:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realm[STUN_MAX_REALM_SIZE + 1];
data/coturn-4.5.1.3/src/server/ns_turn_session.h:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origin[STUN_MAX_ORIGIN_SIZE + 1];
data/coturn-4.5.1.3/src/apps/common/apputils.c:206:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ifr.ifr_name, (const char*) ifname, sizeof(ifr.ifr_name));
data/coturn-4.5.1.3/src/apps/common/apputils.c:794:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t blen=strlen(absfn);
data/coturn-4.5.1.3/src/apps/common/apputils.c:796:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(absfn+blen,"/",sizeof(absfn)-blen);
data/coturn-4.5.1.3/src/apps/common/apputils.c:797:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(absfn+blen+1,fn,sizeof(absfn)-blen-1);
data/coturn-4.5.1.3/src/apps/common/apputils.c:823:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cflen = strlen(config_file);
data/coturn-4.5.1.3/src/apps/common/apputils.c:826:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dirlen = strlen(config_file_search_dirs[i]);
data/coturn-4.5.1.3/src/apps/common/apputils.c:829:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn, config_file_search_dirs[i], fnsz);
data/coturn-4.5.1.3/src/apps/common/apputils.c:830:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn + dirlen, config_file, fnsz-dirlen);
data/coturn-4.5.1.3/src/apps/common/apputils.c:844:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t celen = strlen(c_execdir);
data/coturn-4.5.1.3/src/apps/common/apputils.c:847:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn,c_execdir,fnsz);
data/coturn-4.5.1.3/src/apps/common/apputils.c:848:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fnlen=strlen(fn);
data/coturn-4.5.1.3/src/apps/common/apputils.c:850:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(fn+fnlen,"/",fnsz-fnlen);
data/coturn-4.5.1.3/src/apps/common/apputils.c:851:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnlen=strlen(fn);
data/coturn-4.5.1.3/src/apps/common/apputils.c:853:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn+fnlen, config_file_search_dirs[i], fnsz-fnlen);
data/coturn-4.5.1.3/src/apps/common/apputils.c:854:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnlen=strlen(fn);
data/coturn-4.5.1.3/src/apps/common/apputils.c:856:12: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn+fnlen, config_file, fnsz-fnlen);
data/coturn-4.5.1.3/src/apps/common/apputils.c:1074:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *ikm_key = (char*)base64_decode(raw->ikm_key,strlen(raw->ikm_key),&ikm_key_size);
data/coturn-4.5.1.3/src/apps/common/hiredis_libevent2.c:209:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(rm.format+strlen(rm.format),"%s");
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:183:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(s);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:185:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(s,strlen(s),1,stdout);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:188:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(s);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:190:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(s,strlen(s),1,stdout);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:294:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(f,base,fsz);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:305:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=(int)strlen(base1);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:316:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=(int)strlen(base1);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:325:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tail)<2) {
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:334:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len=(int)strlen(base1);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:525:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sz=strlen(s);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:618:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t schlen = strlen(scheme);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:651:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(co,otmp,sz);
data/coturn-4.5.1.3/src/apps/common/ns_turn_utils.c:661:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(co,o,sz);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:108:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t mac_key_length=strlen(mac_key);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:143:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t base64encoded_etoken_length=strlen(base64encoded_etoken);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:292:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) <= OAUTH_SERVER_NAME_SIZE ) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:301:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) <= OAUTH_LTK_ID_SIZE ) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:310:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) <= OAUTH_LTK_BASE64ENCODED_SIZE ) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:327:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) <= OAUTH_AS_RS_ALG_SIZE ) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:336:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nonce_val = (char*)base64_decode(optarg,strlen(optarg),&nonce_size);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:340:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gcm_nonce,nonce_val,nonce_size);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:345:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mac_key_val = (char*)base64_decode(optarg,strlen(optarg),&mac_key_size);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:349:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(mac_key,mac_key_val,mac_key_size);
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:361:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) <= OAUTH_TOKEN_SIZE ) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:370:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(optarg) <= OAUTH_HMAC_ALG_SIZE ) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:400:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(server_name) == 0) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:405:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(kid) == 0){
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:409:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(base64encoded_ltk) == 0){
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:422:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (encrypt_flag && strlen(mac_key) == 0) {
data/coturn-4.5.1.3/src/apps/oauth/oauth.c:427:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!encrypt_flag && decrypt_flag && strlen(base64encoded_etoken) == 0) {
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:884:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t klen = 9 + strlen(opt);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:1223:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)realm,bson_iter_utf8(&iter, &length),STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mongo.c:1227:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)pwd,bson_iter_utf8(&iter, &length),STUN_MAX_PWD_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:85:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bytes_to_decode = strlen(in);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:99:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out=(char*)malloc(sizeof(char)*strlen(last));
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1166:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)realm,row[0],STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_mysql.c:1167:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)pwd,row[1],STUN_MAX_PWD_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:138:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(((size_t)len<sz*2)||(strlen(kval)<sz*2)) {
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:856:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)realm,kval,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_pgsql.c:860:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)pwd,kval,STUN_MAX_PWD_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:443:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(rget->str)<sz*2) {
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:595:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rhsz=strlen("turn/realm/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:596:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t uhsz = strlen("user/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:666:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen("turn/oauth/kid/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:734:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rhsz=strlen("turn/realm/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:908:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t offset = strlen("turn/origin/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1008:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t offset = strlen("turn/realm/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1052:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t header_len = strlen(header);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1149:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t offset = strlen("turn/origin/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1248:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)realm,val,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1250:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)pwd,val,STUN_MAX_PWD_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_redis.c:1330:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen("turn/admin_user/");
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:141:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t szh = strlen(home);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:142:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sz = strlen(dir0)+1+szh;
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:144:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dir_fixed,home,szh);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:145:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dir_fixed+szh,dir+1,(sz-szh-1));
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:146:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dir0,dir_fixed,sz);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1163:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)realm,kval,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/dbdrivers/dbd_sqlite.c:1167:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)pwd,kval,STUN_MAX_PWD_SIZE);
data/coturn-4.5.1.3/src/apps/relay/http_server.c:67:172: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(data_http,sizeof(data_http)-1,"HTTP/1.0 200 OK\r\nServer: %s\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: %d\r\n\r\n%.906s",TURN_SOFTWARE,(int)strlen(content_http),content_http);
data/coturn-4.5.1.3/src/apps/relay/http_server.c:68:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_http = strlen(data_http);
data/coturn-4.5.1.3/src/apps/relay/http_server.c:192:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret->headers->post_headers = post_parse(body,strlen(body));
data/coturn-4.5.1.3/src/apps/relay/http_server.c:340:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:729:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(c) + 1;
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:741:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c += strlen(c) + 1;
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1477:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
telnet_send(telnet, string, strlen(string));
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1493:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_send(telnet, ttype, strlen(ttype));
data/coturn-4.5.1.3/src/apps/relay/libtelnet.c:1544:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
telnet_send(telnet, arg, strlen(arg) + 1);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1016:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CRYPTO_ctr128_encrypt(in, out, strlen((char*)in), &key, state.ivec, state.ecount, &state.num, (block128_f)AES_encrypt);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1018:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AES_ctr128_encrypt(in, out, strlen((char*)in), &key, state.ivec, state.ecount, &state.num);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1021:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totalSize += strlen((char*)in);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1022:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen((char*)in);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1082:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size=strlen(input);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1088:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result=(strlen(input)/4*3)-padding;
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1098:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bytes_to_decode = strlen(in);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1603:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(*value);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1679:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(s);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:1940:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(turn_params.default_users_db.persistent_users_db.userdb) && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_SQLITE))
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2276:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(turn_params.default_users_db.persistent_users_db.userdb) && (turn_params.default_users_db.userdb_type == TURN_USERDB_TYPE_SQLITE))
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2592:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(fn,full_path_to_file,sizeof(turn_params.cert_file)-1);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2747:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, (char * )(password), size);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2749:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(buf));
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2764:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char sa_len = (unsigned char)strlen(STUN_ALPN);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2765:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char ta_len = (unsigned char)strlen(TURN_ALPN);
data/coturn-4.5.1.3/src/apps/relay/mainrelay.c:2766:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char ha_len = (unsigned char)strlen(HTTP_ALPN);
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:619:88: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ioa_socket_check_bandwidth(ioa_socket_handle s, ioa_network_buffer_handle nbh, int read)
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:655:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read)
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:663:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read)
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:670:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read)
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_engine_impl.c:3303:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return send_data_from_ioa_socket_tcp(s, data, strlen((const char*)data));
data/coturn-4.5.1.3/src/apps/relay/ns_ioalib_impl.h:292:88: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ioa_socket_check_bandwidth(ioa_socket_handle s, ioa_network_buffer_handle nbh, int read);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:387:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
turn_params.total_quota = atoi(pn+strlen("total-quota"));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:391:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
turn_params.user_quota = atoi(pn+strlen("user-quota"));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:395:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_max_bps((band_limit_t)strtoul(pn+strlen("max-bps"),NULL,10));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:399:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_bps_capacity((band_limit_t)strtoul(pn+strlen("bps-capacity"),NULL,10));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:403:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cli_max_output_sessions = atoi(pn+strlen("cli-max-output-sessions"));
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:612:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts)," for realm %s",cs->realm);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:612:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts)," for realm %s",cs->realm);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:614:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts)," and for origin %s",cs->origin);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:614:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts)," and for origin %s",cs->origin);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:617:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts)," for origin %s",cs->origin);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:617:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts)," for origin %s",cs->origin);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:619:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts),": %lu", (unsigned long)arg.counter);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:619:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(ts+strlen(ts),sizeof(ts)-strlen(ts),": %lu", (unsigned long)arg.counter);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:944:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(cmd);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1561:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dst=sbat+strlen(sbat);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1565:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dst=sbat+strlen(sbat);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:1568:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dst=sbat+strlen(sbat);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3366:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_eff_realm(),realm0,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3378:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_eff_realm(),realm0,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3413:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_eff_realm(),realm0,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3513:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_eff_realm(),realm0,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3586:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_eff_realm(),realm0,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/turn_admin_server.c:3769:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(current_eff_realm(),realm0,STUN_MAX_REALM_SIZE);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:580:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_calculate_hmac(usname, strlen((char*)usname), (const uint8_t*)secret, strlen(secret), hmac, &hmac_len, SHATYPE_DEFAULT)>=0) {
data/coturn-4.5.1.3/src/apps/relay/userdb.c:580:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_calculate_hmac(usname, strlen((char*)usname), (const uint8_t*)secret, strlen(secret), hmac, &hmac_len, SHATYPE_DEFAULT)>=0) {
data/coturn-4.5.1.3/src/apps/relay/userdb.c:720:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!s || (s==user) || (strlen(s)<2)) {
data/coturn-4.5.1.3/src/apps/relay/userdb.c:725:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(usname,user,ulen);
data/coturn-4.5.1.3/src/apps/relay/userdb.c:737:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(keysource)<sz*2) {
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:74:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(long_term_key),
data/coturn-4.5.1.3/src/apps/rfc5769/rfc5769check.c:78:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t mac_key_length=strlen(mac_key);
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:411:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_calculate_hmac(g_uname, strlen((char*)g_uname), (uint8_t*)g_auth_secret, strlen(g_auth_secret), hmac, &hmac_len, shatype)>=0) {
data/coturn-4.5.1.3/src/apps/uclient/mainuclient.c:411:85: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_calculate_hmac(g_uname, strlen((char*)g_uname), (uint8_t*)g_auth_secret, strlen(g_auth_secret), hmac, &hmac_len, shatype)>=0) {
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:156:14: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(!dos) usleep(1000);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:264:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(local_address) > 0) {
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:305:11: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(!dos) usleep(500);
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:340:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, some_origin, strlen(some_origin));
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:341:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, origin, strlen(origin));
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:343:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stun_attr_add(message, STUN_ATTRIBUTE_ORIGIN, some_origin, strlen(some_origin));
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:650:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stun_attr_add(&request_message, STUN_ATTRIBUTE_MOBILITY_TICKET, (const char*)clnet_info->s_mobile_id, strlen(clnet_info->s_mobile_id));
data/coturn-4.5.1.3/src/apps/uclient/startuclient.c:682:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1409:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(!dos) usleep(SLEEP_INTERVAL);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1418:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(!dos) usleep(SLEEP_INTERVAL);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1428:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(!dos) usleep(SLEEP_INTERVAL);
data/coturn-4.5.1.3/src/apps/uclient/uclient.c:1437:17: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
if(!dos) usleep(SLEEP_INTERVAL);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:196:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len=strlen(saddr);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:348:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)saddr, addrtmp, MAX_IOA_ADDR_STRING);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:354:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)saddr, addrtmp, MAX_IOA_ADDR_STRING);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:374:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)saddr, addrtmp, MAX_IOA_ADDR_STRING);
data/coturn-4.5.1.3/src/client/ns_turn_ioaddr.c:377:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)saddr, addrtmp, MAX_IOA_ADDR_STRING);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:90:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bcopy(s,smethod,strlen(s)+1);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:162:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ulen = strlen((const char*)uname);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:163:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rlen = strlen((const char*)realm);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:164:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plen = strlen((const char*)upwd);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:169:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)str,(const char*)uname,sz);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:171:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)str+ulen+1,(const char*)realm,sz-ulen-1);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:173:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)str+ulen+1+rlen+1,(const char*)upwd,sz-ulen-1-rlen-1);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:315:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EVP_DigestUpdate(&ctx,pwd,strlen(pwd));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:331:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EVP_DigestUpdate(ctx,pwd,strlen(pwd));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:351:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pin)>=min_len) {
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:750:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*) (avalue + 4), (const char*) reason, sizeof(avalue)-4);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:752:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int alen = 4 + (int)strlen((const char*) (avalue+4));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:880:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlen=strlen(needle);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:911:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned long clen = strtoul(cl+strlen(clheader),NULL,10);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1092:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_attr_add_str(buf,len,STUN_ATTRIBUTE_MOBILITY_TICKET,(uint8_t*)mobile_id,(int)strlen(mobile_id))<0) return -1;
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1584:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*) (avalue + 4), (const char*) reason, sizeof(avalue)-4);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1586:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int alen = 4 + (int)strlen((const char*) (avalue+4));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1853:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_calculate_hmac(buf, *len-4-shasize, pwd, strlen((char*)pwd), buf+*len-shasize, &shasize, shatype)<0)
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1865:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_attr_add_str(buf, len, STUN_ATTRIBUTE_USERNAME, uname, (int)strlen((const char*)uname))<0)
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1868:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_attr_add_str(buf, len, STUN_ATTRIBUTE_NONCE, nonce, (int)strlen((const char*)nonce))<0)
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1871:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_attr_add_str(buf, len, STUN_ATTRIBUTE_REALM, realm, (int)strlen((const char*)realm))<0)
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1890:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(stun_attr_add_str(buf, len, STUN_ATTRIBUTE_USERNAME, uname, (int)strlen((const char*)uname))<0)
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1960:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = stun_calculate_hmac(buf, (size_t) new_len - 4 - shasize, pwd, strlen((char*)pwd), new_hmac, &shasize, shatype);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:1988:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)pwd,(const char*)upwd,sizeof(password_t));
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2533:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sn_len = strlen((const char*)server_name);
data/coturn-4.5.1.3/src/client/ns_turn_msg.c:2636:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sn_len = strlen((const char*)server_name);
data/coturn-4.5.1.3/src/ns_turn_defs.h:135:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char*)(dst),(const char*)(src),szdst);\
data/coturn-4.5.1.3/src/server/ns_turn_maps.c:984:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elem->key_size = strlen(key)+1;
data/coturn-4.5.1.3/src/server/ns_turn_server.c:662:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned char *out = base64_decode(src, strlen(src), &output_length);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1765:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t*)ss->s_mobile_id,strlen(ss->s_mobile_id));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1770:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fsz = strlen(get_version(server));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:1845:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t*)ss->s_mobile_id,strlen(ss->s_mobile_id));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:2072:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_test = strlen(data_test);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:2251:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fsz = strlen(get_version(server));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:2527:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fsz = strlen(get_version(server));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3241:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint8_t*)realm, (int)(strlen((char*)(realm))));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3253:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(server_name));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3723:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ss->origin,corigin,STUN_MAX_ORIGIN_SIZE);
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3847:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fsz = strlen(get_version(server));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:3948:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fsz = strlen(get_version(server));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4028:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t oldsz = strlen(get_version(server));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4082:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t oldsz = strlen(get_version(server));
data/coturn-4.5.1.3/src/server/ns_turn_server.c:4830:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fsz = strlen(get_version(server));
ANALYSIS SUMMARY:
Hits = 889
Lines analyzed = 51262 in approximately 1.37 seconds (37397 lines/second)
Physical Source Lines of Code (SLOC) = 38543
Hits@level = [0] 534 [1] 201 [2] 599 [3] 68 [4] 21 [5] 0
Hits@level+ = [0+] 1423 [1+] 889 [2+] 688 [3+] 89 [4+] 21 [5+] 0
Hits/KSLOC@level+ = [0+] 36.9198 [1+] 23.0651 [2+] 17.8502 [3+] 2.30911 [4+] 0.544846 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.