Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cryptsetup-2.3.4/docs/doxygen_index.h
Examining data/cryptsetup-2.3.4/docs/examples/crypt_log_usage.c
Examining data/cryptsetup-2.3.4/docs/examples/crypt_luks_usage.c
Examining data/cryptsetup-2.3.4/lib/base64.c
Examining data/cryptsetup-2.3.4/lib/base64.h
Examining data/cryptsetup-2.3.4/lib/bitlk/bitlk.c
Examining data/cryptsetup-2.3.4/lib/bitlk/bitlk.h
Examining data/cryptsetup-2.3.4/lib/bitops.h
Examining data/cryptsetup-2.3.4/lib/crypt_plain.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/argon2.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/argon2.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2-impl.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blamka-round-opt.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blamka-round-ref.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/core.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/core.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/opt.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/ref.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/thread.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2/thread.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/argon2_generic.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/cipher_check.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/cipher_generic.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crc32.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_backend.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_backend_internal.h
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_gcrypt.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_kernel.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nettle.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nss.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_openssl.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/crypto_storage.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/pbkdf2_generic.c
Examining data/cryptsetup-2.3.4/lib/crypto_backend/pbkdf_check.c
Examining data/cryptsetup-2.3.4/lib/integrity/integrity.c
Examining data/cryptsetup-2.3.4/lib/integrity/integrity.h
Examining data/cryptsetup-2.3.4/lib/internal.h
Examining data/cryptsetup-2.3.4/lib/libcryptsetup.h
Examining data/cryptsetup-2.3.4/lib/libdevmapper.c
Examining data/cryptsetup-2.3.4/lib/loopaes/loopaes.c
Examining data/cryptsetup-2.3.4/lib/loopaes/loopaes.h
Examining data/cryptsetup-2.3.4/lib/luks1/af.c
Examining data/cryptsetup-2.3.4/lib/luks1/af.h
Examining data/cryptsetup-2.3.4/lib/luks1/keyencryption.c
Examining data/cryptsetup-2.3.4/lib/luks1/keymanage.c
Examining data/cryptsetup-2.3.4/lib/luks1/luks.h
Examining data/cryptsetup-2.3.4/lib/luks2/luks2.h
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_digest_pbkdf2.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_internal.h
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_json_format.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot_luks2.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot_reenc.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_token.c
Examining data/cryptsetup-2.3.4/lib/luks2/luks2_token_keyring.c
Examining data/cryptsetup-2.3.4/lib/nls.h
Examining data/cryptsetup-2.3.4/lib/random.c
Examining data/cryptsetup-2.3.4/lib/setup.c
Examining data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c
Examining data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.h
Examining data/cryptsetup-2.3.4/lib/utils.c
Examining data/cryptsetup-2.3.4/lib/utils_benchmark.c
Examining data/cryptsetup-2.3.4/lib/utils_blkid.c
Examining data/cryptsetup-2.3.4/lib/utils_blkid.h
Examining data/cryptsetup-2.3.4/lib/utils_crypt.c
Examining data/cryptsetup-2.3.4/lib/utils_crypt.h
Examining data/cryptsetup-2.3.4/lib/utils_device.c
Examining data/cryptsetup-2.3.4/lib/utils_device_locking.c
Examining data/cryptsetup-2.3.4/lib/utils_device_locking.h
Examining data/cryptsetup-2.3.4/lib/utils_devpath.c
Examining data/cryptsetup-2.3.4/lib/utils_dm.h
Examining data/cryptsetup-2.3.4/lib/utils_fips.c
Examining data/cryptsetup-2.3.4/lib/utils_fips.h
Examining data/cryptsetup-2.3.4/lib/utils_io.c
Examining data/cryptsetup-2.3.4/lib/utils_io.h
Examining data/cryptsetup-2.3.4/lib/utils_keyring.c
Examining data/cryptsetup-2.3.4/lib/utils_keyring.h
Examining data/cryptsetup-2.3.4/lib/utils_loop.c
Examining data/cryptsetup-2.3.4/lib/utils_loop.h
Examining data/cryptsetup-2.3.4/lib/utils_pbkdf.c
Examining data/cryptsetup-2.3.4/lib/utils_safe_memory.c
Examining data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c
Examining data/cryptsetup-2.3.4/lib/utils_storage_wrappers.h
Examining data/cryptsetup-2.3.4/lib/utils_wipe.c
Examining data/cryptsetup-2.3.4/lib/verity/rs.h
Examining data/cryptsetup-2.3.4/lib/verity/rs_decode_char.c
Examining data/cryptsetup-2.3.4/lib/verity/rs_encode_char.c
Examining data/cryptsetup-2.3.4/lib/verity/verity.c
Examining data/cryptsetup-2.3.4/lib/verity/verity.h
Examining data/cryptsetup-2.3.4/lib/verity/verity_fec.c
Examining data/cryptsetup-2.3.4/lib/verity/verity_hash.c
Examining data/cryptsetup-2.3.4/lib/volumekey.c
Examining data/cryptsetup-2.3.4/misc/dict_search/crypt_dict.c
Examining data/cryptsetup-2.3.4/misc/keyslot_checker/chk_luks_keyslots.c
Examining data/cryptsetup-2.3.4/misc/luks2_keyslot_example/keyslot_test.c
Examining data/cryptsetup-2.3.4/misc/luks2_keyslot_example/keyslot_test_remote_pass.c
Examining data/cryptsetup-2.3.4/src/cryptsetup.c
Examining data/cryptsetup-2.3.4/src/cryptsetup.h
Examining data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c
Examining data/cryptsetup-2.3.4/src/integritysetup.c
Examining data/cryptsetup-2.3.4/src/utils_blockdev.c
Examining data/cryptsetup-2.3.4/src/utils_luks2.c
Examining data/cryptsetup-2.3.4/src/utils_password.c
Examining data/cryptsetup-2.3.4/src/utils_tools.c
Examining data/cryptsetup-2.3.4/src/veritysetup.c
Examining data/cryptsetup-2.3.4/tests/api-test-2.c
Examining data/cryptsetup-2.3.4/tests/api-test.c
Examining data/cryptsetup-2.3.4/tests/api_test.h
Examining data/cryptsetup-2.3.4/tests/crypto-vectors.c
Examining data/cryptsetup-2.3.4/tests/differ.c
Examining data/cryptsetup-2.3.4/tests/test_utils.c
Examining data/cryptsetup-2.3.4/tests/unit-utils-io.c
Examining data/cryptsetup-2.3.4/debian/askpass.c
Examining data/cryptsetup-2.3.4/debian/scripts/passdev.c
Examining data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c

FINAL RESULTS:

data/cryptsetup-2.3.4/lib/setup.c:193:4:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
			strncat(target, "\n", LOG_MAX_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:961:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
		strncat(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/utils_devpath.c:139:8:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	len = readlink(path, link, sizeof(link) - 1);
data/cryptsetup-2.3.4/lib/utils_devpath.c:285:8:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	len = readlink(path, link, sizeof(link) - 1);
data/cryptsetup-2.3.4/lib/utils_devpath.c:352:8:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	len = readlink(path, link, sizeof(link) - 1);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:702:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
		if ((r = chmod(rc->header_file_tmp, st.st_mode | S_IWUSR)))
data/cryptsetup-2.3.4/src/utils_tools.c:95:4:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
			strncat(target, "\n", LOG_MAX_LEN);
data/cryptsetup-2.3.4/tests/api-test-2.c:4163:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
data/cryptsetup-2.3.4/tests/api-test-2.c:4193:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	OK_(chmod(BACKUP_FILE, S_IRUSR|S_IWUSR));
data/cryptsetup-2.3.4/debian/askpass.c:71:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(dbgfile, fmt, ap);
data/cryptsetup-2.3.4/debian/askpass.c:163:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(SYSTEMD_ASKPASS, X_OK))
data/cryptsetup-2.3.4/debian/askpass.c:180:3:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execl(SYSTEMD_ASKPASS, SYSTEMD_ASKPASS,
data/cryptsetup-2.3.4/debian/askpass.c:229:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(PLYMOUTH_PATH, X_OK))
data/cryptsetup-2.3.4/debian/askpass.c:232:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if (system(PLYMOUTH_PATH" --ping"))
data/cryptsetup-2.3.4/debian/askpass.c:257:3:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execl(PLYMOUTH_PATH, PLYMOUTH_PATH,
data/cryptsetup-2.3.4/debian/askpass.c:387:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (access(CONSOLE_PATH, R_OK | W_OK)) {
data/cryptsetup-2.3.4/debian/scripts/passdev.c:46:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, fmt, ap);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:88:4:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
			execl("/bin/mount", "/bin/mount", "-n", "-t",
data/cryptsetup-2.3.4/debian/scripts/passdev.c:157:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(devpath, F_OK)) {
data/cryptsetup-2.3.4/debian/scripts/passdev.c:159:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		while(access(devpath, F_OK)) {
data/cryptsetup-2.3.4/debian/scripts/passdev.c:197:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(keypath, "%s/%s", tmppath, filepath);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:200:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(keypath, F_OK)) {
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:92:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(SYSFS_POWER_SYNC_ON_SUSPEND, W_OK) < 0) {
data/cryptsetup-2.3.4/lib/internal.h:196:126:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void logger(struct crypt_device *cd, int level, const char *file, int line, const char *format, ...) __attribute__ ((format (printf, 5, 6)));
data/cryptsetup-2.3.4/lib/libdevmapper.c:91:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 4, 5)))
data/cryptsetup-2.3.4/lib/libdevmapper.c:613:25:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size,
data/cryptsetup-2.3.4/lib/libdevmapper.c:613:46:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size,
data/cryptsetup-2.3.4/lib/libdevmapper.c:613:70:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	r = cipher_c2dm(tgt->u.crypt.cipher, tgt->u.crypt.integrity, tgt->u.crypt.tag_size,
data/cryptsetup-2.3.4/lib/libdevmapper.c:630:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (tgt->u.crypt.integrity)
data/cryptsetup-2.3.4/lib/libdevmapper.c:633:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (tgt->u.crypt.sector_size != SECTOR_SIZE) {
data/cryptsetup-2.3.4/lib/libdevmapper.c:635:78:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		snprintf(sector_feature, sizeof(sector_feature), " sector_size:%u", tgt->u.crypt.sector_size);
data/cryptsetup-2.3.4/lib/libdevmapper.c:655:30:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		keystr_len = strlen(tgt->u.crypt.vk->key_description) + int_log10(tgt->u.crypt.vk->keylength) + 10;
data/cryptsetup-2.3.4/lib/libdevmapper.c:655:76:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		keystr_len = strlen(tgt->u.crypt.vk->key_description) + int_log10(tgt->u.crypt.vk->keylength) + 10;
data/cryptsetup-2.3.4/lib/libdevmapper.c:658:55:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		hexkey = crypt_safe_alloc(null_cipher ? 2 : (tgt->u.crypt.vk->keylength * 2 + 1));
data/cryptsetup-2.3.4/lib/libdevmapper.c:666:60:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		r = snprintf(hexkey, keystr_len, ":%zu:logon:%s", tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key_description);
data/cryptsetup-2.3.4/lib/libdevmapper.c:666:88:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		r = snprintf(hexkey, keystr_len, ":%zu:logon:%s", tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key_description);
data/cryptsetup-2.3.4/lib/libdevmapper.c:672:26:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		hex_key(hexkey, tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/libdevmapper.c:672:54:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		hex_key(hexkey, tgt->u.crypt.vk->keylength, tgt->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/libdevmapper.c:682:34:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		     cipher_dm, hexkey, tgt->u.crypt.iv_offset,
data/cryptsetup-2.3.4/lib/libdevmapper.c:683:52:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		     device_block_path(tgt->data_device), tgt->u.crypt.offset,
data/cryptsetup-2.3.4/lib/libdevmapper.c:728:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(fec_features, sizeof(fec_features)-1,
data/cryptsetup-2.3.4/lib/libdevmapper.c:825:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(feature, sizeof(feature),
data/cryptsetup-2.3.4/lib/libdevmapper.c:833:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(feature, sizeof(feature),
data/cryptsetup-2.3.4/lib/libdevmapper.c:971:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	r = snprintf(params, max_size, "%s %" PRIu64,
data/cryptsetup-2.3.4/lib/libdevmapper.c:1209:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	i = snprintf(buf, buflen, DM_UUID_PREFIX "%s%s%s%s%s",
data/cryptsetup-2.3.4/lib/libdevmapper.c:1519:32:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		crypt_free_volume_key(tgt->u.crypt.vk);
data/cryptsetup-2.3.4/lib/libdevmapper.c:1520:32:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		free(CONST_CAST(void*)tgt->u.crypt.cipher);
data/cryptsetup-2.3.4/lib/libdevmapper.c:1560:32:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		free(CONST_CAST(void*)tgt->u.crypt.integrity);
data/cryptsetup-2.3.4/lib/libdevmapper.c:1683:22:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		if (dmd->segment.u.crypt.integrity && !(dmt_flags & DM_INTEGRITY_SUPPORTED))
data/cryptsetup-2.3.4/lib/libdevmapper.c:1685:22:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		if (dmd->segment.u.crypt.sector_size != SECTOR_SIZE && !(dmt_flags & DM_SECTOR_SIZE_SUPPORTED))
data/cryptsetup-2.3.4/lib/libdevmapper.c:1911:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.sector_size = SECTOR_SIZE;
data/cryptsetup-2.3.4/lib/libdevmapper.c:1927:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.iv_offset = val64;
data/cryptsetup-2.3.4/lib/libdevmapper.c:1945:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.offset = val64;
data/cryptsetup-2.3.4/lib/libdevmapper.c:1947:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.tag_size = 0;
data/cryptsetup-2.3.4/lib/libdevmapper.c:1978:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				tgt->u.crypt.tag_size = val;
data/cryptsetup-2.3.4/lib/libdevmapper.c:1984:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				tgt->u.crypt.sector_size = val;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2051:10:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.cipher = cipher;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2053:10:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.integrity = integrity;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2057:10:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.vk = vk;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2397:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
			else if (sscanf(arg, "sectors_per_bit:%" PRIu64, &val64) == 1) {
data/cryptsetup-2.3.4/lib/libdevmapper.c:2983:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.vk = vk;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2987:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.cipher = cipher;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2988:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.integrity = dm_integrity;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2989:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.iv_offset = iv_offset;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2990:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.offset = data_offset;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2991:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.tag_size = tag_size;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2992:9:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tgt->u.crypt.sector_size = sector_size;
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:258:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	r = snprintf(num, sizeof(num), "%" PRIu64, value);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2180:17:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		dmd.segment.u.crypt.offset = 0;
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2233:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	r = snprintf(deps_uuid_prefix, sizeof(deps_uuid_prefix), CRYPT_SUBDEV "-%.32s", dmd->uuid + 6);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2279:54:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, LOGON_KEY);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2314:56:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
						crypt_drop_keyring_key_by_description(cd, tgt->u.crypt.vk->key_description, LOGON_KEY);
data/cryptsetup-2.3.4/lib/setup.c:178:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 5, 6)))
data/cryptsetup-2.3.4/lib/setup.c:188:8:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	len = vsnprintf(&target[0], LOG_MAX_LEN, format, argp);
data/cryptsetup-2.3.4/lib/setup.c:1082:40:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		r = crypt_parse_name_and_mode(tgt->u.crypt.cipher,
data/cryptsetup-2.3.4/lib/setup.c:1090:32:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cd->u.none.key_size = tgt->u.crypt.vk->keylength;
data/cryptsetup-2.3.4/lib/setup.c:1177:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		r = snprintf(deps_uuid_prefix, sizeof(deps_uuid_prefix), CRYPT_SUBDEV "-%.32s", dmd.uuid + 6);
data/cryptsetup-2.3.4/lib/setup.c:1188:73:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	r = crypt_parse_name_and_mode(tgt->type == DM_LINEAR ? "null" : tgt->u.crypt.cipher, cipher,
data/cryptsetup-2.3.4/lib/setup.c:1197:38:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (tgt->type == DM_CRYPT && tgt->u.crypt.integrity && (namei = device_dm_name(tgt->data_device))) {
data/cryptsetup-2.3.4/lib/setup.c:1251:35:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cd->u.plain.hdr.offset = tgt->u.crypt.offset;
data/cryptsetup-2.3.4/lib/setup.c:1252:33:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cd->u.plain.hdr.skip = tgt->u.crypt.iv_offset;
data/cryptsetup-2.3.4/lib/setup.c:1253:40:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cd->u.plain.hdr.sector_size = tgt->u.crypt.sector_size;
data/cryptsetup-2.3.4/lib/setup.c:1254:33:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cd->u.plain.key_size = tgt->u.crypt.vk->keylength;
data/cryptsetup-2.3.4/lib/setup.c:1259:37:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cd->u.loopaes.hdr.offset = tgt->u.crypt.offset;
data/cryptsetup-2.3.4/lib/setup.c:1264:14:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		if (tgt->u.crypt.vk->keylength % key_nums)
data/cryptsetup-2.3.4/lib/setup.c:1266:35:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		cd->u.loopaes.key_size = tgt->u.crypt.vk->keylength / key_nums;
data/cryptsetup-2.3.4/lib/setup.c:2388:14:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (!src->u.crypt.vk || !tgt->u.crypt.vk)
data/cryptsetup-2.3.4/lib/setup.c:2388:34:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (!src->u.crypt.vk || !tgt->u.crypt.vk)
data/cryptsetup-2.3.4/lib/setup.c:2391:34:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) {
data/cryptsetup-2.3.4/lib/setup.c:2391:54:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) {
data/cryptsetup-2.3.4/lib/setup.c:2391:71:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (_compare_volume_keys(src->u.crypt.vk, 0, tgt->u.crypt.vk, tgt->u.crypt.vk->key_description != NULL)) {
data/cryptsetup-2.3.4/lib/setup.c:2397:14:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (!src->u.crypt.cipher || !tgt->u.crypt.cipher)
data/cryptsetup-2.3.4/lib/setup.c:2397:38:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (!src->u.crypt.cipher || !tgt->u.crypt.cipher)
data/cryptsetup-2.3.4/lib/setup.c:2399:20:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) {
data/cryptsetup-2.3.4/lib/setup.c:2399:41:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (strcmp(src->u.crypt.cipher, tgt->u.crypt.cipher)) {
data/cryptsetup-2.3.4/lib/setup.c:2403:26:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) {
data/cryptsetup-2.3.4/lib/setup.c:2403:50:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (crypt_strcmp(src->u.crypt.integrity, tgt->u.crypt.integrity)) {
data/cryptsetup-2.3.4/lib/setup.c:2408:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (src->u.crypt.offset      != tgt->u.crypt.offset ||
data/cryptsetup-2.3.4/lib/setup.c:2408:41:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (src->u.crypt.offset      != tgt->u.crypt.offset ||
data/cryptsetup-2.3.4/lib/setup.c:2409:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    src->u.crypt.sector_size != tgt->u.crypt.sector_size ||
data/cryptsetup-2.3.4/lib/setup.c:2409:41:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    src->u.crypt.sector_size != tgt->u.crypt.sector_size ||
data/cryptsetup-2.3.4/lib/setup.c:2410:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    src->u.crypt.iv_offset   != tgt->u.crypt.iv_offset ||
data/cryptsetup-2.3.4/lib/setup.c:2410:41:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    src->u.crypt.iv_offset   != tgt->u.crypt.iv_offset ||
data/cryptsetup-2.3.4/lib/setup.c:2411:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    src->u.crypt.tag_size    != tgt->u.crypt.tag_size) {
data/cryptsetup-2.3.4/lib/setup.c:2411:41:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    src->u.crypt.tag_size    != tgt->u.crypt.tag_size) {
data/cryptsetup-2.3.4/lib/setup.c:2548:64:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || tgt->u.crypt.tag_size) {
data/cryptsetup-2.3.4/lib/setup.c:2569:47:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
data/cryptsetup-2.3.4/lib/setup.c:2569:64:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
data/cryptsetup-2.3.4/lib/setup.c:2573:32:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		crypt_free_volume_key(tgt->u.crypt.vk);
data/cryptsetup-2.3.4/lib/setup.c:2574:10:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/setup.c:2574:51:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/setup.c:2574:79:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/setup.c:2575:15:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		if (!tgt->u.crypt.vk) {
data/cryptsetup-2.3.4/lib/setup.c:2582:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				src->u.crypt.offset, &sdmd->size, NULL);
data/cryptsetup-2.3.4/lib/setup.c:2620:65:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (!single_segment(&tdmd) || tgt->type != DM_CRYPT || !tgt->u.crypt.tag_size) {
data/cryptsetup-2.3.4/lib/setup.c:2677:47:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
data/cryptsetup-2.3.4/lib/setup.c:2677:64:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		r = crypt_volume_key_set_description(tgt->u.crypt.vk, src->u.crypt.vk->key_description);
data/cryptsetup-2.3.4/lib/setup.c:2681:32:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		crypt_free_volume_key(tgt->u.crypt.vk);
data/cryptsetup-2.3.4/lib/setup.c:2682:10:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/setup.c:2682:51:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/setup.c:2682:79:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tgt->u.crypt.vk = crypt_alloc_volume_key(src->u.crypt.vk->keylength, src->u.crypt.vk->key);
data/cryptsetup-2.3.4/lib/setup.c:2683:15:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		if (!tgt->u.crypt.vk) {
data/cryptsetup-2.3.4/lib/setup.c:2690:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				src->u.crypt.offset, &sdmd->size, NULL);
data/cryptsetup-2.3.4/lib/setup.c:2797:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
					tgt->u.crypt.vk, CRYPT_DEFAULT_SEGMENT);
data/cryptsetup-2.3.4/lib/setup.c:2817:34:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	if (MISALIGNED(new_size, tgt->u.crypt.sector_size >> SECTOR_SHIFT)) {
data/cryptsetup-2.3.4/lib/setup.c:2833:11:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
			tgt->u.crypt.vk, crypt_get_cipher_spec(cd),
data/cryptsetup-2.3.4/lib/setup.c:3020:57:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    (dmd.flags & CRYPT_ACTIVATE_KEYRING_KEY) && tgt->u.crypt.vk->key_description)
data/cryptsetup-2.3.4/lib/setup.c:3021:24:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		desc = strdup(tgt->u.crypt.vk->key_description);
data/cryptsetup-2.3.4/lib/setup.c:3758:12:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				tgt->u.crypt.offset, &dmd->size, &dmd->flags);
data/cryptsetup-2.3.4/lib/setup.c:3816:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
					tgt->u.crypt.offset, &dmd->size, &dmd->flags);
data/cryptsetup-2.3.4/lib/setup.c:4565:54:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
			if (tgt->type == DM_CRYPT && (min_offset > tgt->u.crypt.offset)) {
data/cryptsetup-2.3.4/lib/setup.c:4566:25:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				min_offset = tgt->u.crypt.offset;
data/cryptsetup-2.3.4/lib/setup.c:4567:29:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
				cad->iv_offset = tgt->u.crypt.iv_offset;
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:855:27:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
			dm_name, dmd.segment.u.crypt.cipher);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:958:26:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		if ((c = strchr(tgt->u.crypt.cipher, '-')))
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:961:26:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		strncat(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:962:23:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		*key_size += tgt->u.crypt.vk->keylength;
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:963:36:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		tcrypt_hdr->d.mk_offset = tgt->u.crypt.offset * SECTOR_SIZE;
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:989:35:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	tcrypt_hdr->d.mk_offset = tgt->u.crypt.offset * SECTOR_SIZE;
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:991:25:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	strncpy(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:999:20:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	key_size = tgt->u.crypt.vk->keylength;
data/cryptsetup-2.3.4/lib/utils.c:311:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(uts.release, "%" SCNu16  ".%" SCNu16 ".%" SCNu16 "-%" SCNu16,
data/cryptsetup-2.3.4/lib/utils.c:314:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	else if (sscanf(uts.release,  "%" SCNu16 ".%" SCNu16 ".%" SCNu16,
data/cryptsetup-2.3.4/lib/utils_device.c:264:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	int access, devfd;
data/cryptsetup-2.3.4/lib/utils_device.c:289:4:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			access != O_RDONLY ? " for write" : "");
data/cryptsetup-2.3.4/lib/utils_devpath.c:185:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if (sscanf(tmp, "%" PRIu64, value) != 1)
data/cryptsetup-2.3.4/lib/utils_dm.h:113:4:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	} crypt;
data/cryptsetup-2.3.4/lib/utils_fips.c:44:32:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
data/cryptsetup-2.3.4/src/cryptsetup.h:68:57:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	     const char *format, ...)  __attribute__ ((format (printf, 5, 6)));
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:339:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	} else if (sscanf(line, "offset = %" PRIu64, &u64) == 1) {
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:342:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	} else if (sscanf(line, "shift = %" PRIu64, &u64) == 1) {
data/cryptsetup-2.3.4/src/utils_blockdev.c:56:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(buf, buflen, DM_UUID_PREFIX "%s%s%s%s",
data/cryptsetup-2.3.4/src/utils_tools.c:82:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 5, 6)))
data/cryptsetup-2.3.4/src/utils_tools.c:91:6:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	if (vsnprintf(&target[0], LOG_MAX_LEN, format, argp) > 0) {
data/cryptsetup-2.3.4/tests/api-test-2.c:1060:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(tmp, "truncate -s %" PRIu64 " " IMAGE_EMPTY_SMALL, r_header_wrong_size * 512);
data/cryptsetup-2.3.4/tests/test_utils.c:312:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ((r=system(command)) < 0 && warn)
data/cryptsetup-2.3.4/debian/scripts/passdev.c:131:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	debugval = getenv("DEBUG");
data/cryptsetup-2.3.4/misc/keyslot_checker/chk_luks_keyslots.c:261:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt (argc, argv, "t:s:vd")) != -1) {
data/cryptsetup-2.3.4/tests/api-test-2.c:4424:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("CRYPTSETUP_PATH")) {
data/cryptsetup-2.3.4/tests/api-test.c:1902:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("CRYPTSETUP_PATH")) {
data/cryptsetup-2.3.4/tests/crypto-vectors.c:1204:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("CRYPTSETUP_PATH")) {
data/cryptsetup-2.3.4/debian/askpass.c:64:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		dbgfile = fopen("/tmp/askpass.debug", "a");
data/cryptsetup-2.3.4/debian/askpass.c:323:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	return open(FIFO_PATH, O_RDONLY | O_NONBLOCK);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:85:4:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			open("/dev/null", O_RDONLY, 0);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:86:4:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			open("/dev/null", O_WRONLY, 0);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:87:4:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			open("/dev/null", O_WRONLY, 0);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:132:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (debugval && atoi(debugval) > 0)
data/cryptsetup-2.3.4/debian/scripts/passdev.c:148:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		timeout = atoi(to);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:219:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(keypath, O_RDONLY)) < 0) {
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:33:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *meminfo = fopen("/proc/meminfo", "r");
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:78:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *devices[d_size];
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:96:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        sos = fopen(SYSFS_POWER_SYNC_ON_SUSPEND, "r+");
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:194:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *s = fopen(SYSFS_POWER_STATE, "w");
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:204:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        sos = fopen(SYSFS_POWER_SYNC_ON_SUSPEND, "w");
data/cryptsetup-2.3.4/lib/base64.c:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char b64c[64] =
data/cryptsetup-2.3.4/lib/base64.c:252:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const signed char b64[0x100] = {
data/cryptsetup-2.3.4/lib/base64.h:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last_sha256[32];
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:160:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char initial_sha256[32];
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[16];
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:342:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((*vmk)->salt,
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:348:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((*vmk)->nonce,
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:352:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((*vmk)->mac_tag,
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:457:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char guid_buf[UUID_STR_LEN] = {0};
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:798:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char part_str[BITLK_RECOVERY_PART_LEN + 1] = {0};
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:855:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(kdf.salt, salt, 16);
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:931:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&key_size, outbuf, 2);
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:945:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(outbuf + 16 + BITLK_OPEN_KEY_METADATA_LEN,
data/cryptsetup-2.3.4/lib/crypt_plain.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash_name_buf[PLAIN_HASH_LEN_MAX], *s;
data/cryptsetup-2.3.4/lib/crypt_plain.c:108:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(key, passphrase, hash_size);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/argon2.c:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(hash, out, hashlen);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2-impl.h:51:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&w, src, sizeof w);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2-impl.h:66:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&w, src, sizeof w);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2-impl.h:84:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &w, sizeof w);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2-impl.h:99:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &w, sizeof w);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:160:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(block, key, keylen);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:247:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&S->buf[left], pin, fill);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:261:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&S->buf[S->buflen], pin, inlen);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:289:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, buffer, S->outlen);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:369:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:374:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:377:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:382:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/blake2/blake2b.c:385:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out, out_buffer, toproduce);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/core.c:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/core.c:323:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&(thr_data[l].pos), &position,
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.c:381:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dst, str, pp_len + 1);                                          \
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.c:388:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[30];                                                          \
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.c:389:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(tmp, "%lu", (unsigned long)(x));                               \
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/opt.c:233:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[CMSG_SPACE(sizeof(*type)) + iv_msg_size];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:160:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(alg_iv->iv, iv, iv_length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mode_name[64], tmp_salg_name[180], *real_mode = NULL, *cipher_iv = NULL, *key;
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:275:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[128], ccm_iv[16];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:287:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, in, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:288:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer + length, tag, tag_length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:293:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ccm_iv + 1, iv, iv_length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_gcrypt.c:32:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char version[64];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_gcrypt.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2] = "\0\0", hash_out1[64], hash_out2[64];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_gcrypt.c:230:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, hash, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_gcrypt.c:305:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, hash, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_kernel.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char version[256];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nettle.c:311:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(h->key, key, key_length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nss.c:31:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char version[64];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nss.c:166:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[64];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nss.c:175:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, tmp, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nss.c:267:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[64];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_nss.c:276:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, tmp, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_openssl.c:211:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[EVP_MAX_MD_SIZE];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_openssl.c:220:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, tmp, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_openssl.c:287:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tmp[EVP_MAX_MD_SIZE];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_openssl.c:295:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, tmp, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_openssl.c:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher_name[256];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_storage.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[256];
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_storage.c:182:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ctx->iv + ctx->iv_size - sizeof(val), &val, sizeof(val));
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_storage.c:220:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mode_name[64];
data/cryptsetup-2.3.4/lib/crypto_backend/pbkdf2_generic.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char U[MAX_PRF_BLOCK_LEN];
data/cryptsetup-2.3.4/lib/crypto_backend/pbkdf2_generic.c:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char T[MAX_PRF_BLOCK_LEN];
data/cryptsetup-2.3.4/lib/crypto_backend/pbkdf2_generic.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char P_hash[MAX_PRF_BLOCK_LEN];
data/cryptsetup-2.3.4/lib/crypto_backend/pbkdf2_generic.c:202:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(tmp, S, Slen);
data/cryptsetup-2.3.4/lib/crypto_backend/pbkdf2_generic.c:222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(DK + (i - 1) * hLen, T, (unsigned int) i == l ? r : hLen);
data/cryptsetup-2.3.4/lib/integrity/integrity.c:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/integrity/integrity.c:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_name[64], tmp_uuid[40];
data/cryptsetup-2.3.4/lib/libcryptsetup.h:2153:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	crypt_token_open_func open; /**< token handler open function */
data/cryptsetup-2.3.4/lib/libdevmapper.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_version[16];
data/cryptsetup-2.3.4/lib/libdevmapper.c:425:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/cryptsetup-2.3.4/lib/libdevmapper.c:461:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(&hexkey[i * 2], "%02x", (unsigned char)key[i]);
data/cryptsetup-2.3.4/lib/libdevmapper.c:482:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[CLEN], mode[CLEN], iv[CLEN+1], tmp[CLEN];
data/cryptsetup-2.3.4/lib/libdevmapper.c:483:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char capi[CAPIL];
data/cryptsetup-2.3.4/lib/libdevmapper.c:541:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[CLEN], mode[CLEN], iv[CLEN], auth[CLEN];
data/cryptsetup-2.3.4/lib/libdevmapper.c:542:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[CAPIL], dmcrypt_tmp[CAPIL*2], capi[CAPIL+1];
data/cryptsetup-2.3.4/lib/libdevmapper.c:608:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sector_feature[32], features[512], integrity_dm[256], cipher_dm[256];
data/cryptsetup-2.3.4/lib/libdevmapper.c:700:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char features[256], fec_features[256], verity_verify_args[512+32];
data/cryptsetup-2.3.4/lib/libdevmapper.c:798:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char features[512], feature[256];
data/cryptsetup-2.3.4/lib/libdevmapper.c:1191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *ptr, uuid2[UUID_LEN] = {0};
data/cryptsetup-2.3.4/lib/libdevmapper.c:1225:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev_uuid[DM_UUID_LEN + DM_BY_ID_PREFIX_LEN] = DM_BY_ID_PREFIX;
data/cryptsetup-2.3.4/lib/libdevmapper.c:1337:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev_uuid[DM_UUID_LEN] = {0};
data/cryptsetup-2.3.4/lib/libdevmapper.c:1901:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *rcipher, *rintegrity, *key_, *rdevice, *endp, buffer[3], *arg, *key_desc;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2038:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(buffer, &key_[i * 2], 2);
data/cryptsetup-2.3.4/lib/libdevmapper.c:2726:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dmname[PATH_MAX];
data/cryptsetup-2.3.4/lib/libdevmapper.c:2927:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(msg, "key set ");
data/cryptsetup-2.3.4/lib/loopaes/loopaes.c:136:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *keys[LOOPAES_KEYS_MAX];
data/cryptsetup-2.3.4/lib/luks1/keyencryption.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *c, cipher_spec[MAX_CIPHER_LEN * 3];
data/cryptsetup-2.3.4/lib/luks1/keyencryption.c:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[PATH_MAX], path[PATH_MAX];
data/cryptsetup-2.3.4/lib/luks1/keyencryption.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher_spec[MAX_CIPHER_LEN * 3];
data/cryptsetup-2.3.4/lib/luks1/keyencryption.c:118:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	devfd = open(path, mode | O_DIRECT | O_SYNC);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:243:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:297:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(backup_file, O_RDONLY);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:532:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(header->cipherMode, "ecb");
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:547:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	devfd = open(backup_file, O_RDONLY);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:642:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&convHdr, hdr, hdr_size);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:680:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[SECTOR_SIZE];
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:762:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header->magic,luksMagic,LUKS_MAGIC_L);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:939:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char checkHashBuf[LUKS_DIGESTSIZE];
data/cryptsetup-2.3.4/lib/luks1/luks.h:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		magic[LUKS_MAGIC_L];
data/cryptsetup-2.3.4/lib/luks1/luks.h:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cipherName[LUKS_CIPHERNAME_L];
data/cryptsetup-2.3.4/lib/luks1/luks.h:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		cipherMode[LUKS_CIPHERMODE_L];
data/cryptsetup-2.3.4/lib/luks1/luks.h:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char            hashSpec[LUKS_HASHSPEC_L];
data/cryptsetup-2.3.4/lib/luks1/luks.h:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mkDigest[LUKS_DIGESTSIZE];
data/cryptsetup-2.3.4/lib/luks1/luks.h:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mkDigestSalt[LUKS_SALTSIZE];
data/cryptsetup-2.3.4/lib/luks1/luks.h:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char            uuid[UUID_STRING_L];
data/cryptsetup-2.3.4/lib/luks1/luks.h:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char     passwordSalt[LUKS_SALTSIZE];
data/cryptsetup-2.3.4/lib/luks1/luks.h:99:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		_padding[432];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		magic[LUKS2_MAGIC_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		label[LUKS2_LABEL_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		checksum_alg[LUKS2_CHECKSUM_ALG_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		uuid[LUKS2_UUID_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		subsystem[LUKS2_LABEL_L]; /* owner subsystem label */
data/cryptsetup-2.3.4/lib/luks2/luks2.h:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		_padding[184];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:90:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		_padding4096[7*512];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		label[LUKS2_LABEL_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:103:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		subsystem[LUKS2_LABEL_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		checksum_alg[LUKS2_CHECKSUM_ALG_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		uuid[LUKS2_UUID_L];
data/cryptsetup-2.3.4/lib/luks2/luks2.h:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h
data/cryptsetup-2.3.4/lib/luks2/luks2.h:124:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char encryption[65]; // or include utils_crypt.h
data/cryptsetup-2.3.4/lib/luks2/luks2.h:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hash[LUKS2_CHECKSUM_ALG_L]; // or include luks.h
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:96:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keyslot_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:107:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			return atoi(key);
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:184:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char segment_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:200:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		return atoi(key);
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:210:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:247:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			r = assign_one_digest(cd, hdr, keyslot, atoi(key), assign);
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:295:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:336:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				r = assign_all_segments(cd, hdr, atoi(key), assign);
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:338:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				r = assign_one_segment(cd, hdr, segment, atoi(key), assign);
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:382:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			log_dbg(cd, "Erasing unused digest %d.", atoi(key));
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:391:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *desc, digest_str[3];
data/cryptsetup-2.3.4/lib/luks2/luks2_digest_pbkdf2.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char checkHashBuf[64];
data/cryptsetup-2.3.4/lib/luks2/luks2_digest_pbkdf2.c:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[LUKS_SALTSIZE], digest_raw[128];
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char csum_txt[2*LUKS2_CHECKSUM_L+1];
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:115:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&hdr_tmp, hdr_disk, LUKS2_HDR_BIN_LEN);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:143:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr->label, hdr_disk1->label, LUKS2_LABEL_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:145:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr->subsystem, hdr_disk1->subsystem, LUKS2_LABEL_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:147:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr->checksum_alg, hdr_disk1->checksum_alg, LUKS2_CHECKSUM_ALG_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:149:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr->uuid, hdr_disk1->uuid, LUKS2_UUID_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:153:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hdr->salt1, hdr_disk2->salt, LUKS2_SALT_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:154:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hdr->salt2, hdr_disk1->salt, LUKS2_SALT_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:156:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hdr->salt1, hdr_disk1->salt, LUKS2_SALT_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:157:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hdr->salt2, hdr_disk2->salt, LUKS2_SALT_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:172:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&hdr_disk->magic, secondary ? LUKS2_MAGIC_2ND : LUKS2_MAGIC_1ST, LUKS2_MAGIC_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:187:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr_disk->salt, secondary ? hdr->salt2 : hdr->salt1, LUKS2_SALT_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:697:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&hdr_disk2, &hdr_disk1, LUKS2_HDR_BIN_LEN);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:718:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&hdr_disk1, &hdr_disk2, LUKS2_HDR_BIN_LEN);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:772:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char magic[LUKS2_MAGIC_L];
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:790:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	devfd = open(device_path(device), flags);
data/cryptsetup-2.3.4/lib/luks2/luks2_internal.h:135:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	keyslot_open_func  open;
data/cryptsetup-2.3.4/lib/luks2/luks2_json_format.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[128];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_format.c:278:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(hdr->checksum_alg, "sha256");
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:108:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keyslot_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:138:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char token_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digest_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:254:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[21];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:657:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		i = atoi(key);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1105:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(backup_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1188:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(backup_file, O_RDONLY);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1558:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char slot[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1600:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char token[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1630:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char segment[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1685:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1916:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keyslot_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1927:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char **dep, deps_uuid_prefix[40], *deps[MAX_DM_DEPS+1] = { 0 };
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2390:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c:140:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (!LUKS2_keyslot_for_segment(hdr, atoi(slot), segment))
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c:149:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c:329:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	r = h->open(cd, keyslot, password, password_len, (*vk)->key, (*vk)->keylength);
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c:425:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		keyslot = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c:463:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		keyslot = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c:849:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot.c:880:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		keyslot = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot_luks2.c:201:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[LUKS_SALTSIZE], cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot_luks2.c:296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[LUKS_SALTSIZE], cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/luks2/luks2_keyslot_luks2.c:388:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[LUKS_SALTSIZE], *salt_base64 = NULL;
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *base64_str, cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:219:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char keyslot_str[2], *base64_str;
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:678:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[LUKS_CIPHERNAME_L], cipher_mode[LUKS_CIPHERMODE_L];
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:679:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char digest[LUKS_DIGESTSIZE], digest_salt[LUKS_SALTSIZE];
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:686:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256], luksMagic[] = LUKS_MAGIC;
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:810:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hdr1->keyblock[i].passwordSalt, buf, LUKS_SALTSIZE);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:853:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr1->mkDigest, digest, LUKS_DIGESTSIZE);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:863:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr1->mkDigestSalt, digest_salt, LUKS_SALTSIZE);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:876:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdr1->magic, luksMagic, LUKS_MAGIC_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1798:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hz_path[PATH_MAX];
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char overlay_path[PATH_MAX] = { 0 };
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:2283:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char _cipher[128];
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:2578:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hdr_uuid[37];
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char segment_name[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:195:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				*ret = atoi(key);
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:278:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		return atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:311:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(slot) > last_found)
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:312:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			last_found = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:336:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			first_found = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:337:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		else if (atoi(slot) < first_found)
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:338:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			first_found = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_segment.c:354:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		id = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:136:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:318:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	r = h->open(cd, token, buffer, buffer_len, usrptr);
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:368:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		num = atoi(json_object_get_string(jobj));
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:437:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		token = atoi(slot);
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char num[16];
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:541:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			r = assign_one_keyslot(cd, hdr, token, atoi(key), assign);
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:562:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			r = assign_one_token(cd, hdr, keyslot, atoi(key), assign);
data/cryptsetup-2.3.4/lib/luks2/luks2_token.c:596:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (keyslot == atoi(json_object_get_string(jobj)))
data/cryptsetup-2.3.4/lib/random.c:154:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
data/cryptsetup-2.3.4/lib/random.c:160:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
data/cryptsetup-2.3.4/lib/setup.c:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cipher[MAX_CIPHER_LEN];	  /* only for compatibility */
data/cryptsetup-2.3.4/lib/setup.c:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cipher_mode[MAX_CIPHER_LEN]; /* only for compatibility */
data/cryptsetup-2.3.4/lib/setup.c:121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cipher_spec[MAX_CIPHER_LEN*2+1];
data/cryptsetup-2.3.4/lib/setup.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char cipher[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/setup.c:183:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char target[LOG_MAX_LEN + 2];
data/cryptsetup-2.3.4/lib/setup.c:276:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((*vk)->key, pass, key_size);
data/cryptsetup-2.3.4/lib/setup.c:278:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((*vk)->key, pass, passLen);
data/cryptsetup-2.3.4/lib/setup.c:734:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&cd->u.luks2.hdr, &hdr2, sizeof(hdr2));
data/cryptsetup-2.3.4/lib/setup.c:814:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&cd->u.luks1.hdr, &hdr, sizeof(hdr));
data/cryptsetup-2.3.4/lib/setup.c:857:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&cd->u.tcrypt.params, params, sizeof(*params));
data/cryptsetup-2.3.4/lib/setup.c:1067:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char _mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/setup.c:2104:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(salt, params->salt, params->salt_size);
data/cryptsetup-2.3.4/lib/setup.c:4403:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char description[512];
data/cryptsetup-2.3.4/lib/setup.c:4457:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(CONST_CAST(void*)cd->u.verity.root_hash, volume_key, volume_key_size);
data/cryptsetup-2.3.4/lib/setup.c:4658:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(volume_key, cd->u.verity.root_hash, cd->u.verity.root_hash_size);
data/cryptsetup-2.3.4/lib/setup.c:4667:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(volume_key, vk->key, vk->keylength);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iv[bs], iv_old[bs];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:288:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(iv, &key[alg->iv_offset], alg->iv_size);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:290:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(iv_old, &buf[i], bs);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:299:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(iv, iv_old, bs);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:322:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out_key, &key[alg->key_offset], ks2);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:323:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&out_key[ks2], &key[alg->iv_offset], ks2);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:326:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out_key, &key[alg->key_offset], ks2);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:327:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&out_key[ks2], key, TCRYPT_LRW_IKEY_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:329:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out_key, &key[alg->key_offset], alg->key_size);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:331:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&out_key[alg->key_size], &key[alg->iv_offset],
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:339:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char backend_key[TCRYPT_HDR_KEY_LEN];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iv[TCRYPT_HDR_IV_LEN] = {};
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:341:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mode_name[MAX_CIPHER_LEN + 1];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:359:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(iv, &key[alg->iv_offset], alg->iv_size);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:391:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(iv, &key[ciphers->cipher[0].iv_offset], bs);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:406:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(iv_old, &buf[i], bs);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:415:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(iv, iv_old, bs);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:439:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&hdr2.e, &hdr->e, TCRYPT_HDR_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:462:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:469:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&hdr->e, &hdr2.e, TCRYPT_HDR_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:481:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				unsigned char pool[VCRYPT_KEY_POOL_LEN],
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:495:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(keyfile, O_RDONLY);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:529:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char pwd[VCRYPT_KEY_POOL_LEN] = {};
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:733:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_name[PATH_MAX], dm_dev_name[PATH_MAX], cipher_spec[MAX_CIPHER_LEN*2+1];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:883:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_name[PATH_MAX];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:934:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_name[PATH_MAX], *c;
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:982:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[MAX_CIPHER_LEN * 4], mode[MAX_CIPHER_LEN+1], *tmp;
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[TCRYPT_HDR_SALT_LEN];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.h:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char     magic[TCRYPT_HDR_MAGIC_LEN];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.h:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char     keys[256];
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.h:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char e[TCRYPT_HDR_LEN];
data/cryptsetup-2.3.4/lib/utils.c:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[BUFSIZ];
data/cryptsetup-2.3.4/lib/utils.c:166:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = keyfile ? open(keyfile, O_RDONLY) : STDIN_FILENO;
data/cryptsetup-2.3.4/lib/utils_crypt.c:41:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(cipher_mode, "cbc-plain");
data/cryptsetup-2.3.4/lib/utils_crypt.c:44:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			*key_nums = tmp ? atoi(++tmp) : 1;
data/cryptsetup-2.3.4/lib/utils_crypt.c:54:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(cipher, "cipher_null");
data/cryptsetup-2.3.4/lib/utils_crypt.c:55:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(cipher_mode, "ecb");
data/cryptsetup-2.3.4/lib/utils_crypt.c:62:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(cipher_mode, "cbc-plain");
data/cryptsetup-2.3.4/lib/utils_crypt.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mode[MAX_CIPHER_LEN], hash[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/utils_crypt.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[3] = "xx\0", *endp, *bytes;
data/cryptsetup-2.3.4/lib/utils_crypt.c:170:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, &hex[i * 2], 2);
data/cryptsetup-2.3.4/lib/utils_device.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[512];
data/cryptsetup-2.3.4/lib/utils_device.c:169:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		devfd = open(device_path(device), O_RDONLY | O_DIRECT);
data/cryptsetup-2.3.4/lib/utils_device.c:183:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		devfd = open(device_path(device), O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_device.c:227:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(device_path(device), flags);
data/cryptsetup-2.3.4/lib/utils_device.c:284:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		devfd = open(device_path(device), flags);
data/cryptsetup-2.3.4/lib/utils_device.c:327:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			device->dev_fd_excl = open(path, O_RDONLY | O_EXCL);
data/cryptsetup-2.3.4/lib/utils_device.c:501:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(device->path, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_device.c:554:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(device->file_path ?: device->path, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_device.c:574:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(device->path, O_RDONLY)) < 0)
data/cryptsetup-2.3.4/lib/utils_device.c:592:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	devfd = open(device->path, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_device.c:615:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	devfd = open(device_path(device), O_RDWR);
data/cryptsetup-2.3.4/lib/utils_device.c:682:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(device->path, O_RDWR | flags);
data/cryptsetup-2.3.4/lib/utils_device.c:685:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(device->path, O_RDONLY | flags);
data/cryptsetup-2.3.4/lib/utils_device.c:910:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		devfd = open(device_path(device), O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_device_locking.c:98:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
data/cryptsetup-2.3.4/lib/utils_device_locking.c:148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_device_locking.c:152:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dev_fd = open(device_path(device), O_RDONLY | O_NONBLOCK | O_CLOEXEC);
data/cryptsetup-2.3.4/lib/utils_device_locking.c:177:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(device_path(device), O_RDWR | O_NONBLOCK | O_CLOEXEC);
data/cryptsetup-2.3.4/lib/utils_device_locking.c:196:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_device_locking.c:222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_device_locking.c:266:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_device_locking.c:500:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char res[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_devpath.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char link[PATH_MAX], path[PATH_MAX], *devname, *devpath = NULL;
data/cryptsetup-2.3.4/lib/utils_devpath.c:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[64] = {0};
data/cryptsetup-2.3.4/lib/utils_devpath.c:177:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(sysfs_path, O_RDONLY)) < 0)
data/cryptsetup-2.3.4/lib/utils_devpath.c:193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_devpath.c:204:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_devpath.c:262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char link[PATH_MAX], path[PATH_MAX], part_path[PATH_MAX], *devname;
data/cryptsetup-2.3.4/lib/utils_devpath.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char link[PATH_MAX], path[PATH_MAX], part_path[PATH_MAX], *devname;
data/cryptsetup-2.3.4/lib/utils_devpath.c:412:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char subpath[PATH_MAX], uuid[max_len];
data/cryptsetup-2.3.4/lib/utils_fips.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1] = "";
data/cryptsetup-2.3.4/lib/utils_fips.c:34:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY)) >= 0) {
data/cryptsetup-2.3.4/lib/utils_io.c:115:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, orig_buf, length);
data/cryptsetup-2.3.4/lib/utils_io.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(hangover_buf, (char*)buf + solid, hangover);
data/cryptsetup-2.3.4/lib/utils_io.c:181:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)buf + solid, hangover_buf, hangover);
data/cryptsetup-2.3.4/lib/utils_io.c:188:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(orig_buf, buf, length);
data/cryptsetup-2.3.4/lib/utils_io.c:233:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char*)frontPadBuf + frontHang, buf, innerCount);
data/cryptsetup-2.3.4/lib/utils_io.c:287:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, (char*)frontPadBuf + frontHang, innerCount);
data/cryptsetup-2.3.4/lib/utils_loop.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev[20];
data/cryptsetup-2.3.4/lib/utils_loop.c:60:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dev, "/dev/loop%d", i);
data/cryptsetup-2.3.4/lib/utils_loop.c:62:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		loop_fd = open(dev, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_loop.c:79:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev[64];
data/cryptsetup-2.3.4/lib/utils_loop.c:83:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	loop_fd = open("/dev/loop-control", O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_loop.c:94:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	if (sprintf(dev, "/dev/loop%d", i) < 0)
data/cryptsetup-2.3.4/lib/utils_loop.c:112:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
data/cryptsetup-2.3.4/lib/utils_loop.c:115:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		file_fd = open(file, O_RDONLY | O_EXCL);
data/cryptsetup-2.3.4/lib/utils_loop.c:125:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
data/cryptsetup-2.3.4/lib/utils_loop.c:179:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	loop_fd = open(loop, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_loop.c:194:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	loop_fd = open(loop, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_loop.c:210:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	loop_fd = open(loop, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_loop.c:230:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_loop.c:240:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(buf, O_RDONLY);
data/cryptsetup-2.3.4/lib/utils_safe_memory.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	data[0];
data/cryptsetup-2.3.4/lib/utils_safe_memory.c:97:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_data, data, size);
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:146:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, mode);
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char _cipher[MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/lib/utils_wipe.c:49:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buffer, write_modes[turn], 3);
data/cryptsetup-2.3.4/lib/verity/rs_decode_char.c:116:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(lambda, t, (rs->nroots + 1) * sizeof(t[0]));
data/cryptsetup-2.3.4/lib/verity/rs_decode_char.c:128:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&reg[1], &lambda[1], rs->nroots * sizeof(reg[0]));
data/cryptsetup-2.3.4/lib/verity/verity.c:139:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(CONST_CAST(char*)params->salt, sb.salt, params->salt_size);
data/cryptsetup-2.3.4/lib/verity/verity.c:192:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sb.salt, params->salt, params->salt_size);
data/cryptsetup-2.3.4/lib/verity/verity_fec.c:236:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(device_path(fec_device), O_RDONLY);
data/cryptsetup-2.3.4/lib/verity/verity_fec.c:238:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(device_path(fec_device), O_RDWR);
data/cryptsetup-2.3.4/lib/verity/verity_fec.c:251:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	inputs[0].fd = open(device_path(inputs[0].device), O_RDONLY);
data/cryptsetup-2.3.4/lib/verity/verity_fec.c:256:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	inputs[1].fd = open(device_path(inputs[1].device), O_RDONLY);
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char block[bytes];
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:150:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char left_block[hash_block_size];
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data_buffer[data_block_size];
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:152:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char read_digest[digest_size];
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:259:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char calculated_digest[digest_size];
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:309:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	data_file = fopen(device_path(data_device), "r");
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:320:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	hash_file = fopen(device_path(hash_device), verify ? "r" : "r+");
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:340:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			hash_file_2 = fopen(device_path(hash_device), "r");
data/cryptsetup-2.3.4/lib/verity/verity_hash.c:389:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(root_hash, calculated_digest, digest_size);
data/cryptsetup-2.3.4/lib/volumekey.c:48:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&vk->key, key, keylength);
data/cryptsetup-2.3.4/misc/dict_search/crypt_dict.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pwd[MAX_LEN];
data/cryptsetup-2.3.4/misc/dict_search/crypt_dict.c:50:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen(pwd_file, "r");
data/cryptsetup-2.3.4/misc/keyslot_checker/chk_luks_keyslots.c:128:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char tbl[16] = "0123456789ABCDEF";
data/cryptsetup-2.3.4/misc/keyslot_checker/chk_luks_keyslots.c:175:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buffer[sector_size];
data/cryptsetup-2.3.4/misc/keyslot_checker/chk_luks_keyslots.c:327:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f_luks = open(device, O_RDONLY);
data/cryptsetup-2.3.4/misc/luks2_keyslot_example/keyslot_test_remote_pass.c:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char password[PASSWORD_LENGTH+1];
data/cryptsetup-2.3.4/src/cryptsetup.c:36:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *opt_keyfiles[MAX_KEYFILES];
data/cryptsetup-2.3.4/src/cryptsetup.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *msg, cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/src/cryptsetup.c:956:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher[MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/src/cryptsetup.c:1167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_name[64], tmp_path[128], tmp_uuid[40];
data/cryptsetup-2.3.4/src/cryptsetup.c:1211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN], integrity[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/src/cryptsetup.c:1263:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(opt_header_device, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
data/cryptsetup-2.3.4/src/cryptsetup.c:2705:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_name[PATH_MAX] = {}, *password = NULL;
data/cryptsetup-2.3.4/src/cryptsetup.c:2745:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *msg, uuid_str[37], header_file[PATH_MAX] = { 0 }, *password = NULL;
data/cryptsetup-2.3.4/src/cryptsetup.c:2825:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(header_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
data/cryptsetup-2.3.4/src/cryptsetup.c:2923:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_name[PATH_MAX], *password = NULL;
data/cryptsetup-2.3.4/src/cryptsetup.c:3081:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[128];
data/cryptsetup-2.3.4/src/cryptsetup.c:3134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_name[PATH_MAX], cipher [MAX_CIPHER_LEN], mode[MAX_CIPHER_LEN], *vk = NULL;
data/cryptsetup-2.3.4/src/cryptsetup.c:3465:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/cryptsetup-2.3.4/src/cryptsetup.c:3807:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		opt_key_slot = atoi(action_argv[1]);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_file_org[PATH_MAX];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_file_tmp[PATH_MAX];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header_file_new[PATH_MAX];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:89:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char log_file[PATH_MAX];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char crypt_path_org[PATH_MAX];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char crypt_path_new[PATH_MAX];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:94:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char log_buf[SECTOR_SIZE];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:205:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	devfd = open(device, O_RDWR | (S_ISBLK(st.st_mode) ? O_EXCL : 0));
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:235:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((void*)&version, &buf[MAGIC_L], sizeof(uint16_t));
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:241:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, NOMAGIC, MAGIC_L);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:284:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(new_file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char s[64];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:398:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	rc->log_fd = open(rc->log_file, O_RDWR|O_EXCL|O_CREAT|flags, S_IRUSR|S_IWUSR);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:404:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		rc->log_fd = open(rc->log_file, O_RDWR|flags);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:778:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cipher [MAX_CIPHER_LEN], cipher_mode[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:885:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fd = open(rc->device_header, O_WRONLY);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:1105:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd_old = open(rc->crypt_path_org, O_RDONLY | (opt_directio ? O_DIRECT : 0));
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:1111:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd_new = open(rc->crypt_path_new, O_WRONLY | (opt_directio ? O_DIRECT : 0));
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:1320:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msg[256];
data/cryptsetup-2.3.4/src/integritysetup.c:82:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(file, O_RDONLY);
data/cryptsetup-2.3.4/src/integritysetup.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_name[64], tmp_path[128], tmp_uuid[40];
data/cryptsetup-2.3.4/src/integritysetup.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/src/integritysetup.c:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char integrity[MAX_CIPHER_LEN], journal_integrity[MAX_CIPHER_LEN], journal_crypt[MAX_CIPHER_LEN];
data/cryptsetup-2.3.4/src/integritysetup.c:641:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128];
data/cryptsetup-2.3.4/src/utils_blockdev.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *ptr, uuid2[UUID_LEN] = {0};
data/cryptsetup-2.3.4/src/utils_blockdev.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_subpath[PATH_MAX], data_dev_dir[PATH_MAX], uuid[max_len];
data/cryptsetup-2.3.4/src/utils_blockdev.c:166:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev_uuid[DM_UUID_LEN + DM_BY_ID_PREFIX_LEN] = DM_BY_ID_PREFIX;
data/cryptsetup-2.3.4/src/utils_luks2.c:45:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(file, O_RDONLY);
data/cryptsetup-2.3.4/src/utils_luks2.c:109:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(file, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
data/cryptsetup-2.3.4/src/utils_password.c:141:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	infd = open("/dev/tty", O_RDWR);
data/cryptsetup-2.3.4/src/utils_password.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[PATH_MAX], *backing_file;
data/cryptsetup-2.3.4/src/utils_password.c:303:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(file, O_RDONLY);
data/cryptsetup-2.3.4/src/utils_password.c:326:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
data/cryptsetup-2.3.4/src/utils_tools.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char target[LOG_MAX_LEN + 2];
data/cryptsetup-2.3.4/src/utils_tools.c:211:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char device[PATH_MAX];
data/cryptsetup-2.3.4/src/utils_tools.c:217:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(device, "/dev/disk/by-uuid/");
data/cryptsetup-2.3.4/src/utils_tools.c:558:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, flags);
data/cryptsetup-2.3.4/src/veritysetup.c:96:6:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	r = open(action_argv[1], O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
data/cryptsetup-2.3.4/src/veritysetup.c:106:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		r = open(fec_device, O_WRONLY | O_EXCL | O_CREAT, S_IRUSR | S_IWUSR);
data/cryptsetup-2.3.4/src/veritysetup.c:574:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:344:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:347:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd=mkstemp(test_loop_file)) == -1) {
data/cryptsetup-2.3.4/tests/api-test-2.c:361:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd=mkstemp(tmp_file_1)) == -1) {
data/cryptsetup-2.3.4/tests/api-test-2.c:440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key_description[1024];
data/cryptsetup-2.3.4/tests/api-test-2.c:487:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:541:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:627:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], key2[128], key3[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:951:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], tmp[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:1079:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/cryptsetup-2.3.4/tests/api-test-2.c:1124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:1248:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], cmd[256];
data/cryptsetup-2.3.4/tests/api-test-2.c:1377:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:1473:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:2734:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], key2[128], key_ret[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:2872:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], key2[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:3067:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:3466:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], key1[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:3680:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test-2.c:4359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rollback[256];
data/cryptsetup-2.3.4/tests/api-test.c:239:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[128];
data/cryptsetup-2.3.4/tests/api-test.c:242:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd=mkstemp(test_loop_file)) == -1) {
data/cryptsetup-2.3.4/tests/api-test.c:256:10:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	if ((fd=mkstemp(tmp_file_1)) == -1) {
data/cryptsetup-2.3.4/tests/api-test.c:317:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], key2[128], path[128];
data/cryptsetup-2.3.4/tests/api-test.c:452:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, O_RDONLY);
data/cryptsetup-2.3.4/tests/api-test.c:535:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, O_RDONLY);
data/cryptsetup-2.3.4/tests/api-test.c:645:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test.c:682:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test.c:760:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], key2[128], key3[128];
data/cryptsetup-2.3.4/tests/api-test.c:1023:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[256];
data/cryptsetup-2.3.4/tests/api-test.c:1089:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], key2[128], cmd[256];
data/cryptsetup-2.3.4/tests/api-test.c:1136:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(key2, key, key_size / 2);
data/cryptsetup-2.3.4/tests/api-test.c:1176:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128], cmd[256];
data/cryptsetup-2.3.4/tests/api-test.c:1285:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test.c:1366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128];
data/cryptsetup-2.3.4/tests/api-test.c:1457:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[256];
data/cryptsetup-2.3.4/tests/api-test.c:1574:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[256], root_hash[256], root_hash_out[256];
data/cryptsetup-2.3.4/tests/api-test.c:1706:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[key_size], key_def[key_size];
data/cryptsetup-2.3.4/tests/api-test.c:1857:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[128] = "";
data/cryptsetup-2.3.4/tests/crypto-vectors.c:660:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char in_sha256[32];
data/cryptsetup-2.3.4/tests/crypto-vectors.c:664:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		const char out_sha256[32];
data/cryptsetup-2.3.4/tests/crypto-vectors.c:875:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[256];
data/cryptsetup-2.3.4/tests/crypto-vectors.c:934:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[64];
data/cryptsetup-2.3.4/tests/crypto-vectors.c:997:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[64];
data/cryptsetup-2.3.4/tests/crypto-vectors.c:1049:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[256];
data/cryptsetup-2.3.4/tests/crypto-vectors.c:1112:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void get_sha256(const char *in, size_t length, char out[32])
data/cryptsetup-2.3.4/tests/crypto-vectors.c:1112:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void get_sha256(const char *in, size_t length, char out[32])
data/cryptsetup-2.3.4/tests/crypto-vectors.c:1131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mode_iv[256];
data/cryptsetup-2.3.4/tests/crypto-vectors.c:1132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[8192], hash[32];
data/cryptsetup-2.3.4/tests/differ.c:109:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f->fd = open(f->name, O_RDONLY);
data/cryptsetup-2.3.4/tests/test_utils.c:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char last_error[256];
data/cryptsetup-2.3.4/tests/test_utils.c:45:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char global_log[4096];
data/cryptsetup-2.3.4/tests/test_utils.c:136:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	devfd = open(device, O_RDONLY);
data/cryptsetup-2.3.4/tests/test_utils.c:151:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
data/cryptsetup-2.3.4/tests/test_utils.c:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[128];
data/cryptsetup-2.3.4/tests/test_utils.c:233:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR|S_IWUSR);
data/cryptsetup-2.3.4/tests/test_utils.c:246:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[3];
data/cryptsetup-2.3.4/tests/test_utils.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dm_version[16];
data/cryptsetup-2.3.4/tests/test_utils.c:496:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev[20];
data/cryptsetup-2.3.4/tests/test_utils.c:501:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dev, "/dev/loop%d", i);
data/cryptsetup-2.3.4/tests/test_utils.c:503:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		loop_fd = open(dev, O_RDONLY);
data/cryptsetup-2.3.4/tests/test_utils.c:520:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dev[64];
data/cryptsetup-2.3.4/tests/test_utils.c:524:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	loop_fd = open("/dev/loop-control", O_RDONLY);
data/cryptsetup-2.3.4/tests/test_utils.c:535:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	if (sprintf(dev, "/dev/loop%d", i) < 0)
data/cryptsetup-2.3.4/tests/test_utils.c:553:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file_fd = open(file, (*readonly ? O_RDONLY : O_RDWR) | O_EXCL);
data/cryptsetup-2.3.4/tests/test_utils.c:556:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		file_fd = open(file, O_RDONLY | O_EXCL);
data/cryptsetup-2.3.4/tests/test_utils.c:566:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		loop_fd = open(*loop, *readonly ? O_RDONLY : O_RDWR);
data/cryptsetup-2.3.4/tests/test_utils.c:620:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	loop_fd = open(loop, O_RDONLY);
data/cryptsetup-2.3.4/tests/unit-utils-io.c:61:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(test_file, O_RDONLY | O_DIRECT);
data/cryptsetup-2.3.4/tests/unit-utils-io.c:92:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(test_file, O_WRONLY | O_DIRECT);
data/cryptsetup-2.3.4/tests/unit-utils-io.c:124:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(test_file, O_RDONLY | O_DIRECT);
data/cryptsetup-2.3.4/tests/unit-utils-io.c:156:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(test_file, O_RDWR | O_DIRECT);
data/cryptsetup-2.3.4/tests/unit-utils-io.c:187:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(test_file, O_RDONLY | O_DIRECT);
data/cryptsetup-2.3.4/tests/unit-utils-io.c:218:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(test_file, O_RDWR | O_DIRECT);
data/cryptsetup-2.3.4/debian/askpass.c:119:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	result = read(fd, *buf + *used, *size - *used);
data/cryptsetup-2.3.4/debian/askpass.c:237:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(prompt2);
data/cryptsetup-2.3.4/debian/askpass.c:450:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	bool (*read)(int fd, char **buf, size_t *size);
data/cryptsetup-2.3.4/debian/askpass.c:558:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (methods[i].read(methods[i].fd, &pass, &passlen) && pass) {
data/cryptsetup-2.3.4/debian/scripts/passdev.c:192:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	keypath = malloc(strlen(tmppath) + 1 + strlen(filepath) + 1);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:192:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	keypath = malloc(strlen(tmppath) + 1 + strlen(filepath) + 1);
data/cryptsetup-2.3.4/debian/scripts/passdev.c:235:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		bytes = read(fd, keybuffer + bytesread, toread - bytesread);
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:40:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(line, "MemAvailable", strlen("MemAvailable")) == 0) {
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:43:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (strncmp(line, "SwapFree", strlen("SwapFree")) == 0) {
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:100:21:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        int sos_c = fgetc(sos);
data/cryptsetup-2.3.4/debian/scripts/suspend/cryptsetup-suspend.c:101:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (fgetc(sos) == EOF)
data/cryptsetup-2.3.4/lib/bitlk/bitlk.c:821:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(part_str, password + i, BITLK_RECOVERY_PART_LEN);
data/cryptsetup-2.3.4/lib/crypt_plain.c:78:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(hash_name) >= PLAIN_HASH_LEN_MAX)
data/cryptsetup-2.3.4/lib/crypt_plain.c:80:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hash_name_buf, hash_name, PLAIN_HASH_LEN_MAX);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/argon2.c:271:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    encoded_len = strlen(encoded);
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/argon2.c:453:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) +
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/argon2.c:453:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) +
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.c:263:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t cc_len = strlen(prefix);                                        \
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.c:273:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t cc_len = strlen(prefix);                                        \
data/cryptsetup-2.3.4/lib/crypto_backend/argon2/encoding.c:377:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t pp_len = strlen(str);                                           \
data/cryptsetup-2.3.4/lib/crypto_backend/cipher_generic.c:65:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    !strncasecmp(mode, cipher_algs[i].mode, strlen(cipher_algs[i].mode)))
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:169:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	len = read(ctx->opfd, out, out_length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_cipher_kernel.c:220:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(mode_name, mode, sizeof(mode_name));
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_kernel.c:197:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy((char *)sa.salg_name, ha->kernel_name, sizeof(sa.salg_name)-1);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_kernel.c:226:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(ctx->opfd, buffer, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_kernel.c:300:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(ctx->opfd, buffer, length);
data/cryptsetup-2.3.4/lib/crypto_backend/crypto_storage.c:235:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(mode_name, cipher_mode, sizeof(mode_name));
data/cryptsetup-2.3.4/lib/libdevmapper.c:495:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(iv, mode, sizeof(iv)-1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:562:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(tmp);
data/cryptsetup-2.3.4/lib/libdevmapper.c:585:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(capi, tmp, sizeof(capi)-1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:655:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		keystr_len = strlen(tgt->u.crypt.vk->key_description) + int_log10(tgt->u.crypt.vk->keylength) + 10;
data/cryptsetup-2.3.4/lib/libdevmapper.c:664:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
		strncpy(hexkey, "-", 2);
data/cryptsetup-2.3.4/lib/libdevmapper.c:674:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max_size = strlen(hexkey) + strlen(cipher_dm) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:674:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max_size = strlen(hexkey) + strlen(cipher_dm) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:675:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(device_block_path(tgt->data_device)) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:676:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(features) + 64;
data/cryptsetup-2.3.4/lib/libdevmapper.c:763:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
		strncpy(hexsalt, "-", 2);
data/cryptsetup-2.3.4/lib/libdevmapper.c:765:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max_size = strlen(hexroot) + strlen(hexsalt) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:765:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max_size = strlen(hexroot) + strlen(hexsalt) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:766:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(device_block_path(tgt->data_device)) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:767:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(device_block_path(tgt->u.verity.hash_device)) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:768:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(vp->hash_name) + strlen(features) + strlen(fec_features) + 128 +
data/cryptsetup-2.3.4/lib/libdevmapper.c:768:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(vp->hash_name) + strlen(features) + strlen(fec_features) + 128 +
data/cryptsetup-2.3.4/lib/libdevmapper.c:768:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(vp->hash_name) + strlen(features) + strlen(fec_features) + 128 +
data/cryptsetup-2.3.4/lib/libdevmapper.c:769:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   strlen(verity_verify_args);
data/cryptsetup-2.3.4/lib/libdevmapper.c:803:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	max_size = strlen(device_block_path(tgt->data_device)) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:804:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(tgt->u.integrity.meta_device ? strlen(device_block_path(tgt->u.integrity.meta_device)) : 0) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:808:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(tgt->u.integrity.integrity ? strlen(tgt->u.integrity.integrity) : 0) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:809:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(tgt->u.integrity.journal_integrity ? strlen(tgt->u.integrity.journal_integrity) : 0) +
data/cryptsetup-2.3.4/lib/libdevmapper.c:810:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(tgt->u.integrity.journal_crypt ? strlen(tgt->u.integrity.journal_crypt) : 0) + 128;
data/cryptsetup-2.3.4/lib/libdevmapper.c:821:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:821:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:829:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:829:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:837:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:837:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:843:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:843:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:849:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:849:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:855:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:855:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:872:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:872:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:892:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:892:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:912:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:912:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:918:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:918:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:924:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:924:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:930:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:930:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:937:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:937:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncat(features, feature, sizeof(features) - strlen(features) - 1);
data/cryptsetup-2.3.4/lib/libdevmapper.c:965:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int max_size = strlen(device_block_path(tgt->data_device)) + int_log10(tgt->u.linear.offset) + 3;
data/cryptsetup-2.3.4/lib/libdevmapper.c:1979:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				rintegrity = strchr(arg + strlen("integrity:"), ':');
data/cryptsetup-2.3.4/lib/libdevmapper.c:2014:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			key_size = strlen(key_) / 2;
data/cryptsetup-2.3.4/lib/libdevmapper.c:2048:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memset(key_, 0, strlen(key_));
data/cryptsetup-2.3.4/lib/libdevmapper.c:2748:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    strncmp(prefix, dmd.uuid, strlen(prefix)) ||
data/cryptsetup-2.3.4/lib/libdevmapper.c:2917:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		msg_size = strlen(vk->key_description) + int_log10(vk->keylength) + 18;
data/cryptsetup-2.3.4/lib/luks1/keyencryption.c:45:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (!(c = strchr(mode, '-')) || strlen(c) < 4)
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:764:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(header->cipherName,cipherName,LUKS_CIPHERNAME_L-1);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:765:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(header->cipherMode,cipherMode,LUKS_CIPHERMODE_L-1);
data/cryptsetup-2.3.4/lib/luks1/keymanage.c:766:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(header->hashSpec,hashSpec,LUKS_HASHSPEC_L-1);
data/cryptsetup-2.3.4/lib/luks2/luks2.h:189:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ssize_t read;
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:403:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(crypt_get_uuid(cd)) + strlen(digest_str) + 13;
data/cryptsetup-2.3.4/lib/luks2/luks2_digest.c:403:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(crypt_get_uuid(cd)) + strlen(digest_str) + 13;
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:178:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr_disk->label, hdr->label, LUKS2_LABEL_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:180:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr_disk->subsystem, hdr->subsystem, LUKS2_LABEL_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:182:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr_disk->checksum_alg, hdr->checksum_alg, LUKS2_CHECKSUM_ALG_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:184:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr_disk->uuid, hdr->uuid, LUKS2_UUID_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:438:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(json_text) > (json_area_len - 1)) {
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:439:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		log_dbg(cd, "JSON is too large (%zu > %zu).", strlen(json_text), json_area_len);
data/cryptsetup-2.3.4/lib/luks2/luks2_disk_metadata.c:443:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(json_area, json_text, json_area_len);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:459:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	json_size = (uint64_t)strlen(json);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1027:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(hdr->label, label, LUKS2_LABEL_L-1);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:1031:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(hdr->subsystem, subsystem, LUKS2_LABEL_L-1);
data/cryptsetup-2.3.4/lib/luks2/luks2_json_metadata.c:2200:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(name);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:566:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	strncpy(hdr2->checksum_alg, "sha256", LUKS2_CHECKSUM_ALG_L);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:569:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr2->uuid, crypt_get_uuid(cd), LUKS2_UUID_L-1); /* UUID should be max 36 chars */
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:827:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr1->cipherName, cipher, LUKS_CIPHERNAME_L - 1);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:829:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr1->cipherMode, cipher_mode, LUKS_CIPHERMODE_L - 1);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:836:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr1->hashSpec, json_object_get_string(jobj1), sizeof(hdr1->hashSpec) - 1);
data/cryptsetup-2.3.4/lib/luks2/luks2_luks1_convert.c:873:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(hdr1->uuid, hdr2->uuid, UUID_STRING_L); /* max 36 chars */
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1259:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ssize_t read, w;
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1339:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != area_length_read) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1339:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != area_length_read) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1346:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1346:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1400:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1400:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1410:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1410:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1435:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1435:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1446:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:1446:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != rh->length) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:2484:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (rh->read < 0)
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:2503:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rh->offset += (uint64_t)rh->read;
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:2515:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	rh->progress += (uint64_t)rh->read;
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:3036:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (rh->read < 0) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:3043:73:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = reencrypt_hotzone_protect_final(cd, hdr, rh, rh->reenc_buffer, rh->read);
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:3050:79:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = crypt_storage_wrapper_decrypt(rh->cw1, rh->offset, rh->reenc_buffer, rh->read);
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:3056:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (rh->read != crypt_storage_wrapper_encrypt_write(rh->cw2, rh->offset, rh->reenc_buffer, rh->read)) {
data/cryptsetup-2.3.4/lib/luks2/luks2_reencrypt.c:3056:97:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (rh->read != crypt_storage_wrapper_encrypt_write(rh->cw2, rh->offset, rh->reenc_buffer, rh->read)) {
data/cryptsetup-2.3.4/lib/luks2/luks2_token_keyring.c:89:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	r = !strlen(json_object_get_string(jobj_key));
data/cryptsetup-2.3.4/lib/random.c:55:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		r = read(urandom_fd, buf, len);
data/cryptsetup-2.3.4/lib/random.c:116:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			r = read(random_fd, buf, n);
data/cryptsetup-2.3.4/lib/setup.c:500:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(type);
data/cryptsetup-2.3.4/lib/setup.c:501:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (dmd.uuid && strlen(dmd.uuid) > len &&
data/cryptsetup-2.3.4/lib/setup.c:1089:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cd->u.none.cipher_mode = cd->u.none.cipher_spec + strlen(cd->u.none.cipher) + 1;
data/cryptsetup-2.3.4/lib/setup.c:1228:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    !crypt_string_in(dev + strlen(dm_get_dir()) + 1, deps, ARRAY_SIZE(deps))) {
data/cryptsetup-2.3.4/lib/setup.c:1257:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cd->u.plain.cipher_mode = cd->u.plain.cipher_spec + strlen(cipher) + 1;
data/cryptsetup-2.3.4/lib/setup.c:1262:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cd->u.loopaes.cipher_mode = cd->u.loopaes.cipher_spec + strlen(cipher) + 1;
data/cryptsetup-2.3.4/lib/setup.c:1575:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cd->u.plain.cipher_mode = cd->u.plain.cipher_spec + strlen(cipher) + 1;
data/cryptsetup-2.3.4/lib/setup.c:2359:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (isLUKS2(cd->type) && !strncmp("INTEGRITY-", tgt->uuid, strlen("INTEGRITY-"))) {
data/cryptsetup-2.3.4/lib/setup.c:2365:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!src->uuid || strncmp(cd->type, tgt->uuid, strlen(cd->type)) ||
data/cryptsetup-2.3.4/lib/setup.c:2371:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp(cd->type, tgt->uuid, strlen(cd->type))) {
data/cryptsetup-2.3.4/lib/setup.c:3839:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	iname = ipath + strlen(dm_get_dir()) + 1;
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:348:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(mode_name, mode, MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:820:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(dm_name, name, sizeof(dm_name)-1);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:894:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!r && !strncmp(dmd.uuid, base_uuid, strlen(base_uuid)))
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:957:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strncmp(dmd.uuid, base_uuid, strlen(base_uuid))) {
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:960:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(cipher, "-");
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:991:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(cipher, tgt->u.crypt.cipher, MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/tcrypt/tcrypt.c:997:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(mode, ++tmp, MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/utils.c:127:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		bytes_r = read(fd, tmp, next_read);
data/cryptsetup-2.3.4/lib/utils_benchmark.c:70:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(mode, cipher_mode, sizeof(mode)-1);
data/cryptsetup-2.3.4/lib/utils_crypt.c:109:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(integrity, s, MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/utils_crypt.c:112:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(integrity, "hmac(sha1)", MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/utils_crypt.c:115:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(integrity, "hmac(sha256)", MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/utils_crypt.c:119:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(integrity, "hmac(sha512)", MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/utils_crypt.c:122:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(integrity, "cmac(aes)", MAX_CIPHER_LEN);
data/cryptsetup-2.3.4/lib/utils_crypt.c:160:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(hex);
data/cryptsetup-2.3.4/lib/utils_device.c:454:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t dmdir_len = strlen(dmdir);
data/cryptsetup-2.3.4/lib/utils_devpath.c:52:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = path + strlen(path);
data/cryptsetup-2.3.4/lib/utils_devpath.c:73:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(ptr, entry->d_name, space);
data/cryptsetup-2.3.4/lib/utils_devpath.c:105:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	strncpy(buf, "/dev", PATH_MAX);
data/cryptsetup-2.3.4/lib/utils_devpath.c:114:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(buf, dm_get_dir(), PATH_MAX);
data/cryptsetup-2.3.4/lib/utils_devpath.c:119:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	strncpy(buf, "/dev", PATH_MAX);
data/cryptsetup-2.3.4/lib/utils_devpath.c:179:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = read(fd, tmp, sizeof(tmp));
data/cryptsetup-2.3.4/lib/utils_devpath.c:306:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	devname_len = strlen(devname);
data/cryptsetup-2.3.4/lib/utils_devpath.c:398:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncmp(entry->d_name, dm_uuid, strlen(dm_uuid))) {
data/cryptsetup-2.3.4/lib/utils_devpath.c:447:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (!strncmp(uuid, dm_uuid, strlen(dm_uuid)))
data/cryptsetup-2.3.4/lib/utils_fips.c:35:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
data/cryptsetup-2.3.4/lib/utils_io.c:42:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		r = read(fd, buf, length - read_size);
data/cryptsetup-2.3.4/lib/utils_loop.c:142:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(lo_file_name, file, LO_NAME_SIZE-1);
data/cryptsetup-2.3.4/lib/utils_loop.c:244:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	len = read(fd, buf, PATH_MAX);
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:256:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ssize_t read;
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:272:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (cw->type == NONE || read < 0)
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:273:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		return read;
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:277:4:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			read,
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:282:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	return read;
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:289:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ssize_t read;
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:297:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != buffer_length)
data/cryptsetup-2.3.4/lib/utils_storage_wrappers.c:297:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if (read < 0 || (size_t)read != buffer_length)
data/cryptsetup-2.3.4/lib/verity/verity.c:191:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(algorithm, params->hash_name, sizeof(sb.algorithm)-1);
data/cryptsetup-2.3.4/misc/dict_search/crypt_dict.c:62:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(pwd);
data/cryptsetup-2.3.4/misc/keyslot_checker/chk_luks_keyslots.c:214:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			if (read(f_luks, buffer, sector_size) != sector_size) {
data/cryptsetup-2.3.4/misc/luks2_keyslot_example/keyslot_test.c:342:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	i = read(STDIN_FILENO, pass, 512);
data/cryptsetup-2.3.4/misc/luks2_keyslot_example/keyslot_test_remote_pass.c:233:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	r = crypt_activate_by_passphrase(cd, name, CRYPT_ANY_SLOT, password, strlen(password), 0);
data/cryptsetup-2.3.4/src/cryptsetup.c:979:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			width = strlen(cipher) + strlen(cipher_mode) + 1;
data/cryptsetup-2.3.4/src/cryptsetup.c:979:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			width = strlen(cipher) + strlen(cipher_mode) + 1;
data/cryptsetup-2.3.4/src/cryptsetup.c:984:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			log_std("%*s-%s  %9db  %10.1f MiB/s  %10.1f MiB/s\n", width - (int)strlen(cipher_mode) - 1,
data/cryptsetup-2.3.4/src/cryptsetup.c:2790:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncmp(type, CRYPT_LUKS2, strlen(CRYPT_LUKS2))) {
data/cryptsetup-2.3.4/src/cryptsetup.c:3152:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(cipher, crypt_get_cipher(cd), MAX_CIPHER_LEN - 1);
data/cryptsetup-2.3.4/src/cryptsetup.c:3153:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(mode, crypt_get_cipher_mode(cd), MAX_CIPHER_LEN - 1);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:227:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	s = read(devfd, buf, buf_size);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:331:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	} else if (sscanf(line, "UUID = %40s", s) == 1) {
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:363:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	s = read(rc->log_fd, rc->log_buf, SECTOR_SIZE);
data/cryptsetup-2.3.4/src/cryptsetup_reencrypt.c:916:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		s = read(fd, buf, count - read_size);
data/cryptsetup-2.3.4/src/integritysetup.c:87:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((read(fd, *key, keysize) != keysize)) {
data/cryptsetup-2.3.4/src/utils_blockdev.c:126:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (!strncmp(uuid, dm_uuid, strlen(dm_uuid)))
data/cryptsetup-2.3.4/src/utils_luks2.c:97:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!json || !(json_len = strlen(json)) || json_len >= LUKS2_MAX_MDA_SIZE)
data/cryptsetup-2.3.4/src/utils_password.c:102:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	i = read(fd, pass, maxlen);
data/cryptsetup-2.3.4/src/utils_password.c:154:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (prompt && write(outfd, prompt, strlen(prompt)) < 0)
data/cryptsetup-2.3.4/src/utils_password.c:220:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	*key_size = strlen(pass);
data/cryptsetup-2.3.4/src/utils_tools.c:218:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr = &device[strlen(device)];
data/cryptsetup-2.3.4/src/utils_tools.c:323:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(endp);
data/cryptsetup-2.3.4/tests/api-test-2.c:475:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	*buffer_len = strlen(*buffer);
data/cryptsetup-2.3.4/tests/api-test-2.c:493:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:494:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:495:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
data/cryptsetup-2.3.4/tests/api-test-2.c:503:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:505:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), CRYPT_ACTIVATE_KEYRING_KEY));
data/cryptsetup-2.3.4/tests/api-test-2.c:507:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:509:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
data/cryptsetup-2.3.4/tests/api-test-2.c:511:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:524:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:547:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:565:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
data/cryptsetup-2.3.4/tests/api-test-2.c:566:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:567:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
data/cryptsetup-2.3.4/tests/api-test-2.c:572:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:585:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:592:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header");
data/cryptsetup-2.3.4/tests/api-test-2.c:596:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:603:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:632:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:747:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:748:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:811:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test-2.c:813:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:818:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:819:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:820:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
data/cryptsetup-2.3.4/tests/api-test-2.c:825:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
data/cryptsetup-2.3.4/tests/api-test-2.c:829:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2), 2, 0), "not enough data");
data/cryptsetup-2.3.4/tests/api-test-2.c:830:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, strlen(KEY2) + 1, 0), "cannot seek");
data/cryptsetup-2.3.4/tests/api-test-2.c:840:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
data/cryptsetup-2.3.4/tests/api-test-2.c:842:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
data/cryptsetup-2.3.4/tests/api-test-2.c:844:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test-2.c:854:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
data/cryptsetup-2.3.4/tests/api-test-2.c:854:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
data/cryptsetup-2.3.4/tests/api-test-2.c:856:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
data/cryptsetup-2.3.4/tests/api-test-2.c:857:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test-2.c:857:113:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test-2.c:859:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test-2.c:898:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:904:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_volume_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
data/cryptsetup-2.3.4/tests/api-test-2.c:905:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
data/cryptsetup-2.3.4/tests/api-test-2.c:912:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:923:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:928:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:930:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:955:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:1000:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:1149:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:1251:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:1381:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:1404:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:1405:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1423:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1431:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:1443:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1451:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:1476:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:1644:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:1654:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1669:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_PROCESS_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:1691:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:1694:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:1704:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:1704:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:1734:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:1742:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1742:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_passphrase(cd, 0, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1758:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1759:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:1768:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:1849:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1850:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:1887:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 3, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:1990:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:1991:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:1998:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2012:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2014:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2024:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2038:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2040:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2052:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2061:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2062:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2073:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2076:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2086:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2093:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2094:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
data/cryptsetup-2.3.4/tests/api-test-2.c:2140:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2141:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2146:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2147:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2159:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2160:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2165:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2166:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2178:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2179:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2184:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2185:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2195:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2196:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2201:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2202:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2212:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2213:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2218:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2219:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2229:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2230:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2235:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2236:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2249:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2250:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2255:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2256:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2268:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2269:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2270:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2271:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2272:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2273:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
data/cryptsetup-2.3.4/tests/api-test-2.c:2274:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2275:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2287:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2288:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2293:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2294:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2306:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2307:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2308:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2309:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2310:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2311:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
data/cryptsetup-2.3.4/tests/api-test-2.c:2312:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2313:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2325:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2326:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2331:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2332:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2344:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2345:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2346:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2347:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2348:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2349:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
data/cryptsetup-2.3.4/tests/api-test-2.c:2350:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2351:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2362:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2363:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2368:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2369:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2380:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2381:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2382:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2383:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2384:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2385:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
data/cryptsetup-2.3.4/tests/api-test-2.c:2386:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2387:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2397:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2398:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2403:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2404:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2415:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2416:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2417:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2418:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2419:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2420:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
data/cryptsetup-2.3.4/tests/api-test-2.c:2421:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2422:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2432:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2433:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2438:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2439:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2450:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 0, PASS0, strlen(PASS0), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2451:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 7, PASS7, strlen(PASS7), 0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2452:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASS1, strlen(PASS1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2453:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 2, PASS2, strlen(PASS2), 0), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2454:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 3, PASS3, strlen(PASS3), 0), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2455:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 4, PASS4, strlen(PASS4), 0), 4);
data/cryptsetup-2.3.4/tests/api-test-2.c:2456:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 5, PASS5, strlen(PASS5), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2457:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 6, PASS6, strlen(PASS6), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2466:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2476:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:2738:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_ret_len, key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:2770:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2771:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2776:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), "Keyslot not assigned to volume");
data/cryptsetup-2.3.4/tests/api-test-2.c:2777:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), 0), "No keyslot assigned to volume with this passphrase");
data/cryptsetup-2.3.4/tests/api-test-2.c:2781:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2782:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2785:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size-1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2786:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 3, key2, 13, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2796:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "Wrong size");
data/cryptsetup-2.3.4/tests/api-test-2.c:2799:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_volume_key_get(cd, 2, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), "wrong size");
data/cryptsetup-2.3.4/tests/api-test-2.c:2800:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_volume_key_get(cd, 3, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2803:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_volume_key_get(cd, 1, key_ret, &key_ret_len, PASSPHRASE1, strlen(PASSPHRASE1)), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2806:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2811:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, NULL, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2812:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2817:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "Keyslot not assigned to volume");
data/cryptsetup-2.3.4/tests/api-test-2.c:2818:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_passphrase(cd, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2818:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_passphrase(cd, 5, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE1, strlen(PASSPHRASE1)), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2819:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2821:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2823:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE1, strlen(PASSPHRASE1), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:2831:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:2833:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2835:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2837:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 3, key2, key_size - 1, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:2839:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE), 4);
data/cryptsetup-2.3.4/tests/api-test-2.c:2840:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET), "Illegal");
data/cryptsetup-2.3.4/tests/api-test-2.c:2841:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_SET | CRYPT_VOLUME_KEY_DIGEST_REUSE), "Illegal");
data/cryptsetup-2.3.4/tests/api-test-2.c:2843:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_key(cd, CRYPT_ANY_SLOT, key2, key_size - 2, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), "Key digest doesn't match any existing.");
data/cryptsetup-2.3.4/tests/api-test-2.c:2845:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 5, key, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_DIGEST_REUSE), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2848:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2851:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE1, strlen(PASSPHRASE1), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:2853:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 2, PASSPHRASE1, strlen(PASSPHRASE1), 0), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:2855:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), "No volume key keyslot");
data/cryptsetup-2.3.4/tests/api-test-2.c:2860:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 5, NULL, 0, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_SET), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2862:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 5, PASSPHRASE1, strlen(PASSPHRASE1), 0), 5);
data/cryptsetup-2.3.4/tests/api-test-2.c:2877:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size_ret, key_size = strlen(mk_hex) / 2, keyslot_key_size = 16;
data/cryptsetup-2.3.4/tests/api-test-2.c:2883:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2884:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE2, PASSPHRASE1, strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2899:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2900:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2900:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(1, crypt_keyslot_add_by_passphrase(cd, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2901:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(2, crypt_keyslot_add_by_key(cd, 2, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
data/cryptsetup-2.3.4/tests/api-test-2.c:2909:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(3, crypt_keyslot_add_by_volume_key(cd, 3, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2910:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(4, crypt_keyslot_add_by_passphrase(cd, 4, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2910:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(4, crypt_keyslot_add_by_passphrase(cd, 4, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1,strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2911:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(5, crypt_keyslot_add_by_key(cd, 5, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT));
data/cryptsetup-2.3.4/tests/api-test-2.c:2952:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2952:100:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(8, crypt_keyslot_change_by_passphrase(cd, 1, 8, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2957:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2957:100:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(9, crypt_keyslot_change_by_passphrase(cd, 5, 9, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2964:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(1, crypt_keyslot_change_by_passphrase(cd, 8, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2964:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(1, crypt_keyslot_change_by_passphrase(cd, 8, 1, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2968:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(10, crypt_keyslot_change_by_passphrase(cd, 2, 10, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2968:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(10, crypt_keyslot_change_by_passphrase(cd, 2, 10, PASSPHRASE1, strlen(PASSPHRASE1), PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2972:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2972:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(0, crypt_keyslot_change_by_passphrase(cd, 0, 0, PASSPHRASE, strlen(PASSPHRASE), PASSPHRASE1, strlen(PASSPHRASE1)));
data/cryptsetup-2.3.4/tests/api-test-2.c:2985:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(0, crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, PASSPHRASE, strlen(PASSPHRASE)));
data/cryptsetup-2.3.4/tests/api-test-2.c:3009:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid = add_key("user", KEY_DESC_TEST0, PASSPHRASE, strlen(PASSPHRASE), KEY_SPEC_THREAD_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:3011:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	kid1 = add_key("user", KEY_DESC_TEST1, PASSPHRASE1, strlen(PASSPHRASE1), KEY_SPEC_THREAD_KEYRING);
data/cryptsetup-2.3.4/tests/api-test-2.c:3021:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3022:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3023:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 2, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3416:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, NULL, key_size, passphrase, strlen(passphrase)), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:3417:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 7, passphrase, strlen(passphrase) ,0), 7);
data/cryptsetup-2.3.4/tests/api-test-2.c:3470:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:3679:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test-2.c:3704:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 21);
data/cryptsetup-2.3.4/tests/api-test-2.c:3707:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
data/cryptsetup-2.3.4/tests/api-test-2.c:3708:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 10, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 10);
data/cryptsetup-2.3.4/tests/api-test-2.c:3709:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 11, NULL, 42, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 11);
data/cryptsetup-2.3.4/tests/api-test-2.c:3713:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 11, "aes", "xts-plain64", &rparams), "Cipher not compatible with new volume key size.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3714:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "tHeHamstErciphErr", "xts-plain64", &rparams), "Wrong cipher.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3715:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "HamSterMoOode-plain64", &rparams), "Wrong mode.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3719:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption not initialized.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3721:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid flags combination.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3728:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3754:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 10, "aes", "xts-plain", &rparams), "Reencryption already initialized.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3757:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3767:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
data/cryptsetup-2.3.4/tests/api-test-2.c:3770:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3775:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3779:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Invalid device size alignment.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3784:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3790:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 9, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
data/cryptsetup-2.3.4/tests/api-test-2.c:3794:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3799:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid hotzone size alignment.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3801:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3803:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3812:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience mode.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3815:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3818:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3825:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 21, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 21);
data/cryptsetup-2.3.4/tests/api-test-2.c:3830:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device is not active.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3833:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3835:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams), "Device mounted or active.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3838:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 9, 21, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:3843:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3845:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Reencryption already running.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3853:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3854:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Reencryption already in progress.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3864:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3865:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3870:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3877:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Could not activate device in reencryption.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3887:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3889:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Invalid device size.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3892:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	NOTFAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Failed to initialize reencryption.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3895:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3902:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3903:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3908:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Active device size is not aligned to new sector size.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3910:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Reduced reencryption size does not match active device.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3925:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3926:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd2, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3927:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3928:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd2, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3929:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3930:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3932:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3933:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3936:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3937:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Wrong device.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3938:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3950:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3951:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3958:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3965:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3971:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 1, PASSPHRASE, strlen(PASSPHRASE), 0), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3977:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3978:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), "Device is too small.");
data/cryptsetup-2.3.4/tests/api-test-2.c:3985:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:3986:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:3991:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:3998:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 0, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:4003:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:4014:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:4015:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:4020:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, PASSPHRASE, strlen(PASSPHRASE), 0), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:4021:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), "Active device too large.");
data/cryptsetup-2.3.4/tests/api-test-2.c:4023:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	NOTFAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
data/cryptsetup-2.3.4/tests/api-test-2.c:4027:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 0, 1, "aes", "xts-plain64", &rparams), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:4051:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
data/cryptsetup-2.3.4/tests/api-test-2.c:4052:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:4066:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:4079:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
data/cryptsetup-2.3.4/tests/api-test-2.c:4080:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:4086:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, NULL, NULL, &rparams), 0);
data/cryptsetup-2.3.4/tests/api-test-2.c:4108:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 30, NULL, 64, PASSPHRASE, strlen(PASSPHRASE)), 30);
data/cryptsetup-2.3.4/tests/api-test-2.c:4109:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ANY_SLOT, 30, "aes", "xts-plain64", &rparams), "Data device is too small");
data/cryptsetup-2.3.4/tests/api-test-2.c:4122:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4128:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4143:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4149:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4158:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4172:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4183:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4184:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4202:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, CRYPT_ANY_SLOT, NULL, NULL, &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4221:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4222:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4227:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd2, CDEVICE_2, 6, PASSPHRASE, strlen(PASSPHRASE), 0), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4229:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:4236:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4242:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd2, 2, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 2);
data/cryptsetup-2.3.4/tests/api-test-2.c:4244:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table.");
data/cryptsetup-2.3.4/tests/api-test-2.c:4245:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd2, NULL, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4247:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 1, 2, "aes", "cbc-essiv:sha256", &rparams), "Mismatching parameters in device table.");
data/cryptsetup-2.3.4/tests/api-test-2.c:4258:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4259:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:4262:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4270:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	NOTFAIL_(crypt_activate_by_passphrase(cd2, CDEVICE_2, CRYPT_ANY_SLOT, PASSPHRASE, strlen(PASSPHRASE), 0), "Failed to activate device in reencryption.");
data/cryptsetup-2.3.4/tests/api-test-2.c:4275:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4283:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_reencrypt_init_by_passphrase(cd2, CDEVICE_2, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "cbc-essiv:sha256", &rparams), "Mismatching device table.");
data/cryptsetup-2.3.4/tests/api-test-2.c:4297:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 6, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4299:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 6, PASSPHRASE, strlen(PASSPHRASE), CRYPT_ACTIVATE_ALLOW_DISCARDS), 6);
data/cryptsetup-2.3.4/tests/api-test-2.c:4307:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 64, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
data/cryptsetup-2.3.4/tests/api-test-2.c:4308:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4318:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, CDEVICE_1, PASSPHRASE, strlen(PASSPHRASE), 6, 1, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test-2.c:4343:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 3, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 3);
data/cryptsetup-2.3.4/tests/api-test-2.c:4344:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 9, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT), 9);
data/cryptsetup-2.3.4/tests/api-test-2.c:4345:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_key(cd, 10, key, key_size, PASSPHRASE, strlen(PASSPHRASE), CRYPT_VOLUME_KEY_NO_SEGMENT | CRYPT_VOLUME_KEY_DIGEST_REUSE ), 10);
data/cryptsetup-2.3.4/tests/api-test-2.c:4346:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 3, 9, "aes", "xts-plain64", &rparams));
data/cryptsetup-2.3.4/tests/api-test.c:322:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test.c:373:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0), "invalid device size (0 blocks)");
data/cryptsetup-2.3.4/tests/api-test.c:381:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
data/cryptsetup-2.3.4/tests/api-test.c:394:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Device too small");
data/cryptsetup-2.3.4/tests/api-test.c:403:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Device too small");
data/cryptsetup-2.3.4/tests/api-test.c:412:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Device too small");
data/cryptsetup-2.3.4/tests/api-test.c:421:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),"Offset and size are beyond device real size");
data/cryptsetup-2.3.4/tests/api-test.c:430:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
data/cryptsetup-2.3.4/tests/api-test.c:445:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0),
data/cryptsetup-2.3.4/tests/api-test.c:447:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
data/cryptsetup-2.3.4/tests/api-test.c:559:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_resume_by_passphrase(cd,CDEVICE_1,CRYPT_ANY_SLOT,passphrase, strlen(passphrase)),"cannot resume plain device");
data/cryptsetup-2.3.4/tests/api-test.c:566:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)), "small buffer");
data/cryptsetup-2.3.4/tests/api-test.c:568:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test.c:578:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:579:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
data/cryptsetup-2.3.4/tests/api-test.c:584:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, strlen(KEY1) + 1, 0), "cannot seek");
data/cryptsetup-2.3.4/tests/api-test.c:585:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile_device_offset(cd, NULL, CRYPT_ANY_SLOT, KEYFILE1, 0, strlen(KEY1) + 1, 0), "cannot seek");
data/cryptsetup-2.3.4/tests/api-test.c:597:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_passphrase(cd,CRYPT_ANY_SLOT,passphrase,strlen(passphrase),passphrase,strlen(passphrase)), "can't add keyslot to plain device");
data/cryptsetup-2.3.4/tests/api-test.c:597:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_passphrase(cd,CRYPT_ANY_SLOT,passphrase,strlen(passphrase),passphrase,strlen(passphrase)), "can't add keyslot to plain device");
data/cryptsetup-2.3.4/tests/api-test.c:598:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_volume_key(cd,CRYPT_ANY_SLOT	,key,key_size,passphrase,strlen(passphrase)),"can't add keyslot to plain device");
data/cryptsetup-2.3.4/tests/api-test.c:599:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_keyfile(cd,CRYPT_ANY_SLOT,KEYFILE1,strlen(KEY1),KEYFILE2,strlen(KEY2)),"can't add keyslot to plain device");
data/cryptsetup-2.3.4/tests/api-test.c:599:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_keyfile(cd,CRYPT_ANY_SLOT,KEYFILE1,strlen(KEY1),KEYFILE2,strlen(KEY2)),"can't add keyslot to plain device");
data/cryptsetup-2.3.4/tests/api-test.c:633:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
data/cryptsetup-2.3.4/tests/api-test.c:636:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0), "already exists");
data/cryptsetup-2.3.4/tests/api-test.c:651:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, NULL, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test.c:652:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test.c:653:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0), "already open");
data/cryptsetup-2.3.4/tests/api-test.c:665:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(0, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:688:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test.c:704:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
data/cryptsetup-2.3.4/tests/api-test.c:705:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:706:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
data/cryptsetup-2.3.4/tests/api-test.c:711:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:725:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_activate_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1), 0));
data/cryptsetup-2.3.4/tests/api-test.c:732:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "no header");
data/cryptsetup-2.3.4/tests/api-test.c:736:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:743:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key, &key_size, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:765:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test.c:873:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
data/cryptsetup-2.3.4/tests/api-test.c:874:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase) ,0), 7);
data/cryptsetup-2.3.4/tests/api-test.c:925:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test.c:927:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_activate_by_passphrase(cd, CDEVICE_2, CRYPT_ANY_SLOT, passphrase, strlen(passphrase), 0));
data/cryptsetup-2.3.4/tests/api-test.c:932:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(1, crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:944:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
data/cryptsetup-2.3.4/tests/api-test.c:945:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE2, KEY2, strlen(KEY2)));
data/cryptsetup-2.3.4/tests/api-test.c:950:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2)-1, 0), "key mismatch");
data/cryptsetup-2.3.4/tests/api-test.c:954:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, strlen(KEY2), 2, 0), "not enough data");
data/cryptsetup-2.3.4/tests/api-test.c:955:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_activate_by_keyfile_offset(cd, CDEVICE_2, CRYPT_ANY_SLOT, KEYFILE2, 0, strlen(KEY2) + 1, 0), "cannot seek");
data/cryptsetup-2.3.4/tests/api-test.c:965:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), "slot used");
data/cryptsetup-2.3.4/tests/api-test.c:967:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FAIL_(crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)), "key mismatch");
data/cryptsetup-2.3.4/tests/api-test.c:969:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_keyslot_add_by_volume_key(cd, 6, key, key_size, passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test.c:979:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
data/cryptsetup-2.3.4/tests/api-test.c:979:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_keyslot_change_by_passphrase(cd, 6, 7, passphrase, strlen(passphrase), passphrase2, strlen(passphrase2)));
data/cryptsetup-2.3.4/tests/api-test.c:981:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(7, crypt_activate_by_passphrase(cd, NULL, 7, passphrase2, strlen(passphrase2), 0));
data/cryptsetup-2.3.4/tests/api-test.c:982:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test.c:982:113:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_keyslot_change_by_passphrase(cd, CRYPT_ANY_SLOT, 6, passphrase2, strlen(passphrase2), passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test.c:984:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(6, crypt_volume_key_get(cd, CRYPT_ANY_SLOT, key2, &key_size, passphrase, strlen(passphrase)));
data/cryptsetup-2.3.4/tests/api-test.c:1092:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test.c:1179:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test.c:1289:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test.c:1305:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 7, key, key_size, passphrase, strlen(passphrase)), 7);
data/cryptsetup-2.3.4/tests/api-test.c:1306:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_keyslot_add_by_volume_key(cd, 0, key, key_size, passphrase, strlen(passphrase)), 0);
data/cryptsetup-2.3.4/tests/api-test.c:1324:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
data/cryptsetup-2.3.4/tests/api-test.c:1332:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
data/cryptsetup-2.3.4/tests/api-test.c:1344:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 0, passphrase, strlen(passphrase), 0), 0);
data/cryptsetup-2.3.4/tests/api-test.c:1352:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(crypt_activate_by_passphrase(cd, CDEVICE_1, 7, passphrase, strlen(passphrase), 0), 7);
data/cryptsetup-2.3.4/tests/api-test.c:1369:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t key_size = strlen(mk_hex) / 2;
data/cryptsetup-2.3.4/tests/api-test.c:1492:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, key, strlen(mk_hex) / 2));
data/cryptsetup-2.3.4/tests/api-test.c:1515:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, key, strlen(mk_hex) / 2));
data/cryptsetup-2.3.4/tests/api-test.c:1534:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	key_size = strlen(keystr); // 32
data/cryptsetup-2.3.4/tests/api-test.c:1535:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, keystr, strlen(keystr)));
data/cryptsetup-2.3.4/tests/api-test.c:1551:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	OK_(prepare_keyfile(KEYFILE1, keystr, strlen(keystr)));
data/cryptsetup-2.3.4/tests/api-test.c:1585:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	crypt_decode_key(salt, salt_hex, strlen(salt_hex) / 2);
data/cryptsetup-2.3.4/tests/api-test.c:1586:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	crypt_decode_key(root_hash, root_hex, strlen(root_hex) / 2);
data/cryptsetup-2.3.4/tests/api-test.c:1639:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	EQ_(strlen(salt_hex) / 2, params.salt_size);
data/cryptsetup-2.3.4/tests/api-test.c:1698:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		.passphrase_size = strlen(passphrase),
data/cryptsetup-2.3.4/tests/api-test.c:1712:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	crypt_decode_key(key_def, key_hex, strlen(key_hex) / 2);
data/cryptsetup-2.3.4/tests/test_utils.c:156:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(fd, &buf, 1) != 1)
data/cryptsetup-2.3.4/tests/test_utils.c:217:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (buffer_size <= strlen(key))
data/cryptsetup-2.3.4/tests/test_utils.c:220:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(buffer, key, buffer_size);
data/cryptsetup-2.3.4/tests/test_utils.c:282:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(global_log);
data/cryptsetup-2.3.4/tests/test_utils.c:284:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (len + strlen(msg) > sizeof(global_log)) {
data/cryptsetup-2.3.4/tests/test_utils.c:289:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(global_log, msg, sizeof(global_log) - len);
data/cryptsetup-2.3.4/tests/test_utils.c:292:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(msg);
data/cryptsetup-2.3.4/tests/test_utils.c:295:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(last_error, msg, sizeof(last_error));
data/cryptsetup-2.3.4/tests/test_utils.c:583:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(lo_file_name, file, LO_NAME_SIZE-1);

ANALYSIS SUMMARY:

Hits = 1316
Lines analyzed = 66911 in approximately 1.89 seconds (35446 lines/second)
Physical Source Lines of Code (SLOC) = 48950
Hits@level = [0] 410 [1] 659 [2] 496 [3]   5 [4] 147 [5]   9
Hits@level+ = [0+] 1726 [1+] 1316 [2+] 657 [3+] 161 [4+] 156 [5+]   9
Hits/KSLOC@level+ = [0+] 35.2605 [1+] 26.8846 [2+] 13.4219 [3+] 3.28907 [4+] 3.18693 [5+] 0.183861
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.