Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/direwolf-1.5+dfsg/aclients.c
Examining data/direwolf-1.5+dfsg/aprs_tt.c
Examining data/direwolf-1.5+dfsg/aprs_tt.h
Examining data/direwolf-1.5+dfsg/atest.c
Examining data/direwolf-1.5+dfsg/audio.c
Examining data/direwolf-1.5+dfsg/audio.h
Examining data/direwolf-1.5+dfsg/audio_portaudio.c
Examining data/direwolf-1.5+dfsg/audio_stats.c
Examining data/direwolf-1.5+dfsg/audio_stats.h
Examining data/direwolf-1.5+dfsg/audio_win.c
Examining data/direwolf-1.5+dfsg/ax25_link.c
Examining data/direwolf-1.5+dfsg/ax25_link.h
Examining data/direwolf-1.5+dfsg/ax25_pad.c
Examining data/direwolf-1.5+dfsg/ax25_pad.h
Examining data/direwolf-1.5+dfsg/ax25_pad2.c
Examining data/direwolf-1.5+dfsg/ax25_pad2.h
Examining data/direwolf-1.5+dfsg/beacon.c
Examining data/direwolf-1.5+dfsg/beacon.h
Examining data/direwolf-1.5+dfsg/cdigipeater.c
Examining data/direwolf-1.5+dfsg/cdigipeater.h
Examining data/direwolf-1.5+dfsg/cm108.c
Examining data/direwolf-1.5+dfsg/cm108.h
Examining data/direwolf-1.5+dfsg/config.c
Examining data/direwolf-1.5+dfsg/config.h
Examining data/direwolf-1.5+dfsg/decode_aprs.c
Examining data/direwolf-1.5+dfsg/decode_aprs.h
Examining data/direwolf-1.5+dfsg/dedupe.c
Examining data/direwolf-1.5+dfsg/dedupe.h
Examining data/direwolf-1.5+dfsg/demod.c
Examining data/direwolf-1.5+dfsg/demod.h
Examining data/direwolf-1.5+dfsg/demod_9600.c
Examining data/direwolf-1.5+dfsg/demod_9600.h
Examining data/direwolf-1.5+dfsg/demod_afsk.c
Examining data/direwolf-1.5+dfsg/demod_afsk.h
Examining data/direwolf-1.5+dfsg/demod_psk.c
Examining data/direwolf-1.5+dfsg/demod_psk.h
Examining data/direwolf-1.5+dfsg/digipeater.c
Examining data/direwolf-1.5+dfsg/digipeater.h
Examining data/direwolf-1.5+dfsg/direwolf.h
Examining data/direwolf-1.5+dfsg/dlq.c
Examining data/direwolf-1.5+dfsg/dlq.h
Examining data/direwolf-1.5+dfsg/dsp.c
Examining data/direwolf-1.5+dfsg/dsp.h
Examining data/direwolf-1.5+dfsg/dtime_now.c
Examining data/direwolf-1.5+dfsg/dtime_now.h
Examining data/direwolf-1.5+dfsg/dtmf.c
Examining data/direwolf-1.5+dfsg/dtmf.h
Examining data/direwolf-1.5+dfsg/dwgps.c
Examining data/direwolf-1.5+dfsg/dwgps.h
Examining data/direwolf-1.5+dfsg/dwgpsd.h
Examining data/direwolf-1.5+dfsg/dwgpsnmea.c
Examining data/direwolf-1.5+dfsg/dwgpsnmea.h
Examining data/direwolf-1.5+dfsg/encode_aprs.c
Examining data/direwolf-1.5+dfsg/encode_aprs.h
Examining data/direwolf-1.5+dfsg/fcs_calc.c
Examining data/direwolf-1.5+dfsg/fcs_calc.h
Examining data/direwolf-1.5+dfsg/fsk_demod_agc.h
Examining data/direwolf-1.5+dfsg/fsk_demod_state.h
Examining data/direwolf-1.5+dfsg/fsk_filters.h
Examining data/direwolf-1.5+dfsg/fsk_gen_filter.h
Examining data/direwolf-1.5+dfsg/gen_packets.c
Examining data/direwolf-1.5+dfsg/gen_tone.c
Examining data/direwolf-1.5+dfsg/gen_tone.h
Examining data/direwolf-1.5+dfsg/geotranz/error_string.c
Examining data/direwolf-1.5+dfsg/geotranz/error_string.h
Examining data/direwolf-1.5+dfsg/geotranz/mgrs.c
Examining data/direwolf-1.5+dfsg/geotranz/mgrs.h
Examining data/direwolf-1.5+dfsg/geotranz/polarst.c
Examining data/direwolf-1.5+dfsg/geotranz/polarst.h
Examining data/direwolf-1.5+dfsg/geotranz/tranmerc.c
Examining data/direwolf-1.5+dfsg/geotranz/tranmerc.h
Examining data/direwolf-1.5+dfsg/geotranz/ups.c
Examining data/direwolf-1.5+dfsg/geotranz/ups.h
Examining data/direwolf-1.5+dfsg/geotranz/usng.c
Examining data/direwolf-1.5+dfsg/geotranz/usng.h
Examining data/direwolf-1.5+dfsg/geotranz/utm.c
Examining data/direwolf-1.5+dfsg/geotranz/utm.h
Examining data/direwolf-1.5+dfsg/grm_sym.h
Examining data/direwolf-1.5+dfsg/hdlc_rec.c
Examining data/direwolf-1.5+dfsg/hdlc_rec.h
Examining data/direwolf-1.5+dfsg/hdlc_rec2.c
Examining data/direwolf-1.5+dfsg/hdlc_rec2.h
Examining data/direwolf-1.5+dfsg/hdlc_send.c
Examining data/direwolf-1.5+dfsg/hdlc_send.h
Examining data/direwolf-1.5+dfsg/igate.c
Examining data/direwolf-1.5+dfsg/igate.h
Examining data/direwolf-1.5+dfsg/kiss.c
Examining data/direwolf-1.5+dfsg/kiss.h
Examining data/direwolf-1.5+dfsg/kiss_frame.c
Examining data/direwolf-1.5+dfsg/kiss_frame.h
Examining data/direwolf-1.5+dfsg/kissnet.c
Examining data/direwolf-1.5+dfsg/kissnet.h
Examining data/direwolf-1.5+dfsg/kissserial.c
Examining data/direwolf-1.5+dfsg/kissserial.h
Examining data/direwolf-1.5+dfsg/kissutil.c
Examining data/direwolf-1.5+dfsg/latlong.c
Examining data/direwolf-1.5+dfsg/latlong.h
Examining data/direwolf-1.5+dfsg/ll2utm.c
Examining data/direwolf-1.5+dfsg/log.c
Examining data/direwolf-1.5+dfsg/log.h
Examining data/direwolf-1.5+dfsg/log2gpx.c
Examining data/direwolf-1.5+dfsg/mgn_icon.h
Examining data/direwolf-1.5+dfsg/mheard.c
Examining data/direwolf-1.5+dfsg/mheard.h
Examining data/direwolf-1.5+dfsg/misc/strcasestr.c
Examining data/direwolf-1.5+dfsg/misc/strlcat.c
Examining data/direwolf-1.5+dfsg/misc/strlcpy.c
Examining data/direwolf-1.5+dfsg/misc/strsep.c
Examining data/direwolf-1.5+dfsg/misc/strtok_r.c
Examining data/direwolf-1.5+dfsg/morse.c
Examining data/direwolf-1.5+dfsg/morse.h
Examining data/direwolf-1.5+dfsg/multi_modem.c
Examining data/direwolf-1.5+dfsg/multi_modem.h
Examining data/direwolf-1.5+dfsg/pfilter.c
Examining data/direwolf-1.5+dfsg/pfilter.h
Examining data/direwolf-1.5+dfsg/ptt.c
Examining data/direwolf-1.5+dfsg/ptt.h
Examining data/direwolf-1.5+dfsg/rdq.c
Examining data/direwolf-1.5+dfsg/rdq.h
Examining data/direwolf-1.5+dfsg/recv.c
Examining data/direwolf-1.5+dfsg/recv.h
Examining data/direwolf-1.5+dfsg/redecode.h
Examining data/direwolf-1.5+dfsg/regex/re_comp.h
Examining data/direwolf-1.5+dfsg/regex/regcomp.c
Examining data/direwolf-1.5+dfsg/regex/regex.c
Examining data/direwolf-1.5+dfsg/regex/regex.h
Examining data/direwolf-1.5+dfsg/regex/regex_internal.c
Examining data/direwolf-1.5+dfsg/regex/regex_internal.h
Examining data/direwolf-1.5+dfsg/regex/regexec.c
Examining data/direwolf-1.5+dfsg/rpack.h
Examining data/direwolf-1.5+dfsg/rrbb.c
Examining data/direwolf-1.5+dfsg/rrbb.h
Examining data/direwolf-1.5+dfsg/serial_port.c
Examining data/direwolf-1.5+dfsg/serial_port.h
Examining data/direwolf-1.5+dfsg/server.c
Examining data/direwolf-1.5+dfsg/server.h
Examining data/direwolf-1.5+dfsg/sock.c
Examining data/direwolf-1.5+dfsg/sock.h
Examining data/direwolf-1.5+dfsg/symbols.c
Examining data/direwolf-1.5+dfsg/symbols.h
Examining data/direwolf-1.5+dfsg/telemetry.c
Examining data/direwolf-1.5+dfsg/telemetry.h
Examining data/direwolf-1.5+dfsg/textcolor.c
Examining data/direwolf-1.5+dfsg/textcolor.h
Examining data/direwolf-1.5+dfsg/tq.c
Examining data/direwolf-1.5+dfsg/tq.h
Examining data/direwolf-1.5+dfsg/tt_text.c
Examining data/direwolf-1.5+dfsg/tt_text.h
Examining data/direwolf-1.5+dfsg/tt_user.c
Examining data/direwolf-1.5+dfsg/tt_user.h
Examining data/direwolf-1.5+dfsg/ttcalc.c
Examining data/direwolf-1.5+dfsg/tune.h
Examining data/direwolf-1.5+dfsg/utm2ll.c
Examining data/direwolf-1.5+dfsg/version.h
Examining data/direwolf-1.5+dfsg/walk96.c
Examining data/direwolf-1.5+dfsg/waypoint.c
Examining data/direwolf-1.5+dfsg/waypoint.h
Examining data/direwolf-1.5+dfsg/xid.c
Examining data/direwolf-1.5+dfsg/xid.h
Examining data/direwolf-1.5+dfsg/xmit.c
Examining data/direwolf-1.5+dfsg/xmit.h
Examining data/direwolf-1.5+dfsg/direwolf.c
Examining data/direwolf-1.5+dfsg/dwgpsd.c
FINAL RESULTS:
data/direwolf-1.5+dfsg/aprs_tt.c:1759:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen (cmd, "r");
data/direwolf-1.5+dfsg/ax25_pad.c:1899:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (result, stemp);
data/direwolf-1.5+dfsg/ax25_pad.c:1903:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (result, stemp);
data/direwolf-1.5+dfsg/ax25_pad.c:1910:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (result, stemp);
data/direwolf-1.5+dfsg/direwolf.h:21:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error Include "direwolf.h" before any windows system files.
data/direwolf-1.5+dfsg/direwolf.h:24:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error Include "direwolf.h" before any windows system files.
data/direwolf-1.5+dfsg/geotranz/error_string.c:85:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (str, utm_err[n].msg);
data/direwolf-1.5+dfsg/geotranz/error_string.c:90:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str, utm_err[0].msg);
data/direwolf-1.5+dfsg/geotranz/error_string.c:103:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (str, mgrs_err[n].msg);
data/direwolf-1.5+dfsg/geotranz/error_string.c:108:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str, mgrs_err[0].msg);
data/direwolf-1.5+dfsg/geotranz/error_string.c:122:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (str, usng_err[n].msg);
data/direwolf-1.5+dfsg/geotranz/error_string.c:127:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (str, usng_err[0].msg);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:730:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (MGRS_Ellipsoid_Code, Ellipsoid_Code);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:750:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Ellipsoid_Code, MGRS_Ellipsoid_Code);
data/direwolf-1.5+dfsg/geotranz/usng.c:646:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (USNG_Ellipsoid_Code, Ellipsoid_Code);
data/direwolf-1.5+dfsg/geotranz/usng.c:666:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (Ellipsoid_Code, USNG_Ellipsoid_Code);
data/direwolf-1.5+dfsg/kiss_frame.c:130:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define dw_printf printf
data/direwolf-1.5+dfsg/latlong.c:111:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (slat, "%02d%s%c", ideg, smin, hemi);
data/direwolf-1.5+dfsg/latlong.c:181:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (slong, "%03d%s%c", ideg, smin, hemi);
data/direwolf-1.5+dfsg/latlong.c:355:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (slat, "%02d%s", ideg, smin);
data/direwolf-1.5+dfsg/latlong.c:416:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (slong, "%03d%s", ideg, smin);
data/direwolf-1.5+dfsg/latlong.c:770:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mh, maidenhead);
data/direwolf-1.5+dfsg/ptt.c:358:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system (cmd);
data/direwolf-1.5+dfsg/textcolor.c:366:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf (buffer, BSIZE, fmt, args);
data/direwolf-1.5+dfsg/textcolor.h:55:27: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf,1,2))); /* gnu C lib. */
data/direwolf-1.5+dfsg/tt_text.c:180:8: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
len = vprintf (fmt, args);
data/direwolf-1.5+dfsg/tt_text.c:502:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (padded, text);
data/direwolf-1.5+dfsg/tt_text.c:543:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buttons, stemp);
data/direwolf-1.5+dfsg/tt_text.c:1438:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, grid[row][col]);
data/direwolf-1.5+dfsg/tt_text.c:1439:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, buttons+2);
data/direwolf-1.5+dfsg/tt_text.c:1606:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (text, argv[1]);
data/direwolf-1.5+dfsg/tt_text.c:1610:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (text, argv[n]);
data/direwolf-1.5+dfsg/tt_text.c:1673:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buttons, argv[1]);
data/direwolf-1.5+dfsg/ttcalc.c:190:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (result, pinfo);
data/direwolf-1.5+dfsg/xmit.c:1171:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
err = system (cmd);
data/direwolf-1.5+dfsg/atest.c:289:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "B:P:D:F:L:G:012",
data/direwolf-1.5+dfsg/audio_win.c:564:11: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection (&(A->in_cs));
data/direwolf-1.5+dfsg/audio_win.c:705:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (&(A->in_cs));
data/direwolf-1.5+dfsg/audio_win.c:834:8: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (&(A->in_cs));
data/direwolf-1.5+dfsg/config.c:944:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("HOME");
data/direwolf-1.5+dfsg/direwolf.c:355:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "P:B:D:c:pxr:b:n:d:q:t:Ul:L:Sa:E:T:",
data/direwolf-1.5+dfsg/direwolf.h:187:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection (x)
data/direwolf-1.5+dfsg/direwolf.h:192:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (x)
data/direwolf-1.5+dfsg/dlq.c:129:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection (&dlq_cs);
data/direwolf-1.5+dfsg/dlq.c:316:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (&dlq_cs);
data/direwolf-1.5+dfsg/dlq.c:999:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (&dlq_cs);
data/direwolf-1.5+dfsg/gen_packets.c:218:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "gm:s:a:b:B:r:n:o:z:82M:X",
data/direwolf-1.5+dfsg/igate.c:558:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time(NULL));
data/direwolf-1.5+dfsg/kissutil.c:208:15: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "h:p:s:vf:o:T:",
data/direwolf-1.5+dfsg/regex/regcomp.c:847:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
codeset_name = getenv ("LC_ALL");
data/direwolf-1.5+dfsg/regex/regcomp.c:849:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
codeset_name = getenv ("LC_CTYPE");
data/direwolf-1.5+dfsg/regex/regcomp.c:851:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
codeset_name = getenv ("LANG");
data/direwolf-1.5+dfsg/sock.c:354:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time(NULL));
data/direwolf-1.5+dfsg/xmit.c:1183:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strlcpy (path, getenv("PATH"), sizeof(path));
data/direwolf-1.5+dfsg/aclients.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_from[10];
data/direwolf-1.5+dfsg/aclients.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_to[10];
data/direwolf-1.5+dfsg/aclients.c:174:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostname[MAX_CLIENTS][50]; /* DNS host name or IPv4 address. */
data/direwolf-1.5+dfsg/aclients.c:179:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char port[MAX_CLIENTS][30]; /* If it begins with a digit, it is considered */
data/direwolf-1.5+dfsg/aclients.c:183:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char description[MAX_CLIENTS][50]; /* Name used in the output. */
data/direwolf-1.5+dfsg/aclients.c:194:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char packets[LINE_WIDTH+4];
data/direwolf-1.5+dfsg/aclients.c:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[100];
data/direwolf-1.5+dfsg/aclients.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_str[46]; /* text form of IP address */
data/direwolf-1.5+dfsg/aclients.c:393:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1024];
data/direwolf-1.5+dfsg/aclients.c:595:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[400];
data/direwolf-1.5+dfsg/aclients.c:623:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packets+col, result, (size_t)len);
data/direwolf-1.5+dfsg/aclients.c:626:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packets+col, "OVERRUN! ", (size_t)10);
data/direwolf-1.5+dfsg/aclients.c:729:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (port[my_index], O_RDWR);
data/direwolf-1.5+dfsg/aclients.c:767:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[500];
data/direwolf-1.5+dfsg/aclients.c:840:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packets+col, result, (size_t)len);
data/direwolf-1.5+dfsg/aclients.c:843:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packets+col, "OVERRUN! ", (size_t)10);
data/direwolf-1.5+dfsg/aprs_tt.c:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg_str[MAX_CHANS][MAX_MSG_LEN+1];
data/direwolf-1.5+dfsg/aprs_tt.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tt_config, p, sizeof(struct tt_config_s));
data/direwolf-1.5+dfsg/aprs_tt.c:311:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_callsign[20]; /* really object name */
data/direwolf-1.5+dfsg/aprs_tt.c:325:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_loc_text[24];
data/direwolf-1.5+dfsg/aprs_tt.c:329:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_comment[200];
data/direwolf-1.5+dfsg/aprs_tt.c:330:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_freq[12];
data/direwolf-1.5+dfsg/aprs_tt.c:331:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_ctcss[8];
data/direwolf-1.5+dfsg/aprs_tt.c:333:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_dao[6];
data/direwolf-1.5+dfsg/aprs_tt.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char script_response[1000];
data/direwolf-1.5+dfsg/aprs_tt.c:425:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audible_response[1000];
data/direwolf-1.5+dfsg/aprs_tt.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[MAX_MSG_LEN+1];
data/direwolf-1.5+dfsg/aprs_tt.c:596:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xstr[VALSTRSIZE], ystr[VALSTRSIZE], zstr[VALSTRSIZE], bstr[VALSTRSIZE], dstr[VALSTRSIZE];
data/direwolf-1.5+dfsg/aprs_tt.c:597:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[MAX_MSG_LEN+1];
data/direwolf-1.5+dfsg/aprs_tt.c:653:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c1[2];
data/direwolf-1.5+dfsg/aprs_tt.c:753:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tttemp[40], stemp[30];
data/direwolf-1.5+dfsg/aprs_tt.c:934:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nstr[3];
data/direwolf-1.5+dfsg/aprs_tt.c:936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[10];
data/direwolf-1.5+dfsg/aprs_tt.c:949:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nn = atoi (nstr);
data/direwolf-1.5+dfsg/aprs_tt.c:1022:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[12];
data/direwolf-1.5+dfsg/aprs_tt.c:1032:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[8];
data/direwolf-1.5+dfsg/aprs_tt.c:1039:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call[12];
data/direwolf-1.5+dfsg/aprs_tt.c:1119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xstr[VALSTRSIZE], ystr[VALSTRSIZE], zstr[VALSTRSIZE], bstr[VALSTRSIZE], dstr[VALSTRSIZE];
data/direwolf-1.5+dfsg/aprs_tt.c:1125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mh[20];
data/direwolf-1.5+dfsg/aprs_tt.c:1126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[32];
data/direwolf-1.5+dfsg/aprs_tt.c:1261:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[300];
data/direwolf-1.5+dfsg/aprs_tt.c:1290:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc[40];
data/direwolf-1.5+dfsg/aprs_tt.c:1314:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[300];
data/direwolf-1.5+dfsg/aprs_tt.c:1388:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_ambiguity = atoi(xstr);
data/direwolf-1.5+dfsg/aprs_tt.c:1485:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[2];
data/direwolf-1.5+dfsg/aprs_tt.c:1497:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[2];
data/direwolf-1.5+dfsg/aprs_tt.c:1509:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[2];
data/direwolf-1.5+dfsg/aprs_tt.c:1521:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[2];
data/direwolf-1.5+dfsg/aprs_tt.c:1533:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[2];
data/direwolf-1.5+dfsg/aprs_tt.c:1673:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[10], dest[10];
data/direwolf-1.5+dfsg/aprs_tt.c:1674:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw_tt_msg[256];
data/direwolf-1.5+dfsg/aprs_tt.c:1923:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[32];
data/direwolf-1.5+dfsg/aprs_tt.h:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pattern[20]; /* e.g. B998, B5bbbdddd, B2xxyy, Byyyxxx, BAxxxx */
data/direwolf-1.5+dfsg/aprs_tt.h:53:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone[8]; /* Zone and square for USNG/MGRS */
data/direwolf-1.5+dfsg/aprs_tt.h:57:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[24]; /* should be 10, 6, or 4 digits to be */
data/direwolf-1.5+dfsg/aprs_tt.h:92:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *tt_msg_id[TT_ERROR_MAXP1] = {
data/direwolf-1.5+dfsg/aprs_tt.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char obj_xmit_via[AX25_MAX_REPEATERS * (AX25_MAX_ADDR_LEN+1)];
data/direwolf-1.5+dfsg/aprs_tt.h:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char status[10][TT_MTEXT_LEN]; /* Up to 9 status messages. e.g. "/enroute" */
data/direwolf-1.5+dfsg/aprs_tt.h:158:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[AX25_MAX_ADDR_LEN]; /* SPEECH or MORSE[-n] */
data/direwolf-1.5+dfsg/aprs_tt.h:159:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtext[TT_MTEXT_LEN]; /* Message text. */
data/direwolf-1.5+dfsg/aprs_tt.h:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttcmd[80]; /* Command to generate custom audible response. */
data/direwolf-1.5+dfsg/atest.c:90:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char riff[4]; /* "RIFF" */
data/direwolf-1.5+dfsg/atest.c:92:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wave[4]; /* "WAVE" */
data/direwolf-1.5+dfsg/atest.c:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[4]; /* "fmt " */
data/direwolf-1.5+dfsg/atest.c:101:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4]; /* "data" */
data/direwolf-1.5+dfsg/atest.c:112:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char riff[4]; /* "RIFF" */
data/direwolf-1.5+dfsg/atest.c:114:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wave[4]; /* "WAVE" */
data/direwolf-1.5+dfsg/atest.c:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4]; /* "LIST" or "fmt " */
data/direwolf-1.5+dfsg/atest.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extras[4];
data/direwolf-1.5+dfsg/atest.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4]; /* "data" */
data/direwolf-1.5+dfsg/atest.c:302:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
my_audio_config.achan[0].baud = atoi(optarg);
data/direwolf-1.5+dfsg/atest.c:364:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
decimate = atoi(optarg);
data/direwolf-1.5+dfsg/atest.c:378:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
my_audio_config.achan[0].fix_bits = atoi(optarg);
data/direwolf-1.5+dfsg/atest.c:389:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
error_if_less_than = atoi(optarg);
data/direwolf-1.5+dfsg/atest.c:394:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
error_if_greater_than = atoi(optarg);
data/direwolf-1.5+dfsg/atest.c:427:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&my_audio_config.achan[1], &my_audio_config.achan[0], sizeof(my_audio_config.achan[0]));
data/direwolf-1.5+dfsg/atest.c:436:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(argv[optind], "rb");
data/direwolf-1.5+dfsg/atest.c:656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[500];
data/direwolf-1.5+dfsg/atest.c:660:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heard[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/atest.c:661:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alevel_text[AX25_ALEVEL_TO_TEXT_SIZE];
data/direwolf-1.5+dfsg/audio.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_in_name[30];
data/direwolf-1.5+dfsg/audio.c:219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_out_name[30];
data/direwolf-1.5+dfsg/audio.c:307:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/audio.c:352:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
adev[a].oss_audio_device_fd = open (pa->adev[a].adevice_in, O_RDWR);
data/direwolf-1.5+dfsg/audio.c:390:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si_me.sin_port = htons((short)atoi(audio_in_name+4));
data/direwolf-1.5+dfsg/audio.c:692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[100];
data/direwolf-1.5+dfsg/audio.h:73:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adevice_in[80]; /* Name of the audio input device (or file?). */
data/direwolf-1.5+dfsg/audio.h:76:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char adevice_out[80]; /* Name of the audio output device (or file?). */
data/direwolf-1.5+dfsg/audio.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tts_script[80]; /* Script for text to speech. */
data/direwolf-1.5+dfsg/audio.h:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp_format[40]; /* -T option */
data/direwolf-1.5+dfsg/audio.h:113:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mycall[AX25_MAX_ADDR_LEN]; /* Call associated with this radio channel. */
data/direwolf-1.5+dfsg/audio.h:153:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profiles[16]; /* zero or more of ABC etc, optional + */
data/direwolf-1.5+dfsg/audio.h:201:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptt_device[100]; /* Serial device name for PTT. e.g. COM1 or /dev/ttyS0 */
data/direwolf-1.5+dfsg/audio.h:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_gpio_name[MAX_GPIO_NAME_LEN];
data/direwolf-1.5+dfsg/audio.h:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in_gpio_name[MAX_GPIO_NAME_LEN];
data/direwolf-1.5+dfsg/audio_portaudio.c:201:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numStr[8];
data/direwolf-1.5+dfsg/audio_portaudio.c:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_in_name[80];
data/direwolf-1.5+dfsg/audio_portaudio.c:532:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char audio_out_name[80];
data/direwolf-1.5+dfsg/audio_portaudio.c:619:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/audio_portaudio.c:682:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si_me.sin_port = htons((short)atoi(audio_in_name+4));
data/direwolf-1.5+dfsg/audio_portaudio.c:786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_devName[80];
data/direwolf-1.5+dfsg/audio_portaudio.c:787:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_devName[80];
data/direwolf-1.5+dfsg/audio_win.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stream_data[SDR_UDP_BUF_MAXLEN];
data/direwolf-1.5+dfsg/audio_win.c:320:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
in_dev_no[a] = atoi(pa->adev[a].adevice_in);
data/direwolf-1.5+dfsg/audio_win.c:323:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
in_dev_no[a] = atoi(pa->adev[a].adevice_in);
data/direwolf-1.5+dfsg/audio_win.c:350:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out_dev_no[a] = atoi(pa->adev[a].adevice_out);
data/direwolf-1.5+dfsg/audio_win.c:353:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out_dev_no[a] = atoi(pa->adev[a].adevice_out);
data/direwolf-1.5+dfsg/audio_win.c:640:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si_me.sin_port = htons((short)atoi(pa->adev[a].adevice_in + 4));
data/direwolf-1.5+dfsg/ax25_link.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrs[AX25_MAX_REPEATERS][AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_link.c:497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_link.c:737:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static ax25_dlsm_t *get_link_handle (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, int chan, int client, int create)
data/direwolf-1.5+dfsg/ax25_link.c:1273:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segdata[AX25_N1_PACLEN_MAX];
data/direwolf-1.5+dfsg/ax25_link.c:1292:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (first_segment.segdata, E->txdata->data + orig_offset, seglen);
data/direwolf-1.5+dfsg/ax25_link.c:1307:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segdata[AX25_N1_PACLEN_MAX];
data/direwolf-1.5+dfsg/ax25_link.c:1324:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (subsequent_segment.segdata, E->txdata->data + orig_offset, seglen);
data/direwolf-1.5+dfsg/ax25_link.c:1717:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (S->ra_buff->data, data + 2, len - 2);
data/direwolf-1.5+dfsg/ax25_link.c:1758:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (S->ra_buff->data + S->ra_buff->len, data + 1, len - 1);
data/direwolf-1.5+dfsg/ax25_link.c:1973:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[80];
data/direwolf-1.5+dfsg/ax25_link.c:3080:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[128];
data/direwolf-1.5+dfsg/ax25_link.c:4877:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[150];
data/direwolf-1.5+dfsg/ax25_link.c:4879:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xinfo[40];
data/direwolf-1.5+dfsg/ax25_link.c:4943:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[80] = "The quick brown fox jumps over the lazy dog.";
data/direwolf-1.5+dfsg/ax25_link.c:5328:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xinfo[40];
data/direwolf-1.5+dfsg/ax25_link.c:6381:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char xinfo[40];
data/direwolf-1.5+dfsg/ax25_pad.c:375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[512];
data/direwolf-1.5+dfsg/ax25_pad.c:382:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atemp[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_part[AX25_MAX_INFO_LEN+1];
data/direwolf-1.5+dfsg/ax25_pad.c:570:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char*)(this_p->frame_data+this_p->frame_len), info_part, info_len);
data/direwolf-1.5+dfsg/ax25_pad.c:642:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (this_p->frame_data, fbuf, flen);
data/direwolf-1.5+dfsg/ax25_pad.c:684:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (this_p, copy_from, sizeof (struct packet_s));
data/direwolf-1.5+dfsg/ax25_pad.c:734:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *position_name[1 + AX25_MAX_ADDRS] = {
data/direwolf-1.5+dfsg/ax25_pad.c:742:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sstr[8]; /* Should be 1 or 2 digits for SSID. */
data/direwolf-1.5+dfsg/ax25_pad.c:816:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
k = atoi(sstr);
data/direwolf-1.5+dfsg/ax25_pad.c:894:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ignore1[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atemp[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:1058:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atemp[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:1263:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sstr[8]; /* Should be 1 or 2 digits for SSID. */
data/direwolf-1.5+dfsg/ax25_pad.c:1884:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:1949:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:1997:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ax25_pack (packet_t this_p, unsigned char result[AX25_MAX_PACKET_LEN])
data/direwolf-1.5+dfsg/ax25_pad.c:2005:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (result, this_p->frame_data, this_p->frame_len);
data/direwolf-1.5+dfsg/ax25_pad.c:2104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cr_text[8];
data/direwolf-1.5+dfsg/ax25_pad.c:2105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pf_text[8];
data/direwolf-1.5+dfsg/ax25_pad.c:2108:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (src_c) { *cr = cr_11; strcpy(cr_text,"cc=11"); strcpy(pf_text,"p/f"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2108:56: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (src_c) { *cr = cr_11; strcpy(cr_text,"cc=11"); strcpy(pf_text,"p/f"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2109:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else { *cr = cr_cmd; strcpy(cr_text,"cmd"); strcpy(pf_text,"p"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2112:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (src_c) { *cr = cr_res; strcpy(cr_text,"res"); strcpy(pf_text,"f"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2113:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else { *cr = cr_00; strcpy(cr_text,"cc=00"); strcpy(pf_text,"p/f"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2113:56: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else { *cr = cr_00; strcpy(cr_text,"cc=00"); strcpy(pf_text,"p/f"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2251:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void pid_to_text (int p, char out[PID_TEXT_SIZE])
data/direwolf-1.5+dfsg/ax25_pad.c:2285:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cp_text[120];
data/direwolf-1.5+dfsg/ax25_pad.c:2286:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_text[20];
data/direwolf-1.5+dfsg/ax25_pad.c:2296:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pid_text[PID_TEXT_SIZE];
data/direwolf-1.5+dfsg/ax25_pad.c:2585:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:2586:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:2641:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fbuf[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/ax25_pad.c:2701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safe_str[MAXSAFE*6+1];
data/direwolf-1.5+dfsg/ax25_pad.c:2788:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ax25_alevel_to_text (alevel_t alevel, char text[AX25_ALEVEL_TO_TEXT_SIZE])
data/direwolf-1.5+dfsg/ax25_pad.h:140:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame_data[AX25_MAX_PACKET_LEN+1];
data/direwolf-1.5+dfsg/ax25_pad.h:416:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int ax25_pack (packet_t pp, unsigned char result[AX25_MAX_PACKET_LEN]);
data/direwolf-1.5+dfsg/ax25_pad.h:439:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern int ax25_alevel_to_text (alevel_t alevel, char text[AX25_ALEVEL_TO_TEXT_SIZE]);
data/direwolf-1.5+dfsg/ax25_pad2.c:156:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int set_addrs (packet_t pp, char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr);
data/direwolf-1.5+dfsg/ax25_pad2.c:202:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_u_frame_debug (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int pf, int pid, unsigned char *pinfo, int info_len, char *src_file, int src_line)
data/direwolf-1.5+dfsg/ax25_pad2.c:204:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_u_frame (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int pf, int pid, unsigned char *pinfo, int info_len)
data/direwolf-1.5+dfsg/ax25_pad2.c:286:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, pinfo, info_len);
data/direwolf-1.5+dfsg/ax25_pad2.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check_desc[80];
data/direwolf-1.5+dfsg/ax25_pad2.c:368:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_s_frame_debug (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int modulo, int nr, int pf, unsigned char *pinfo, int info_len, char *src_file, int src_line)
data/direwolf-1.5+dfsg/ax25_pad2.c:370:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_s_frame (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int modulo, int nr, int pf, unsigned char *pinfo, int info_len)
data/direwolf-1.5+dfsg/ax25_pad2.c:456:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, pinfo, info_len);
data/direwolf-1.5+dfsg/ax25_pad2.c:477:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check_desc[80];
data/direwolf-1.5+dfsg/ax25_pad2.c:537:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_i_frame_debug (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, int modulo, int nr, int ns, int pf, int pid, unsigned char *pinfo, int info_len, char *src_file, int src_line)
data/direwolf-1.5+dfsg/ax25_pad2.c:539:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_i_frame (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, int modulo, int nr, int ns, int pf, int pid, unsigned char *pinfo, int info_len)
data/direwolf-1.5+dfsg/ax25_pad2.c:619:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, pinfo, info_len);
data/direwolf-1.5+dfsg/ax25_pad2.c:634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char check_desc[80];
data/direwolf-1.5+dfsg/ax25_pad2.c:691:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int set_addrs (packet_t pp, char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr)
data/direwolf-1.5+dfsg/ax25_pad2.c:709:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oaddr[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad2.c:777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/ax25_pad2.c:789:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (addrs[0], "W2UB");
data/direwolf-1.5+dfsg/ax25_pad2.c:790:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (addrs[1], "WB2OSZ-15");
data/direwolf-1.5+dfsg/ax25_pad2.c:831:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (addrs[2], "DIGI1-1");
data/direwolf-1.5+dfsg/ax25_pad2.h:23:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_u_frame_debug (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int pf, int pid, unsigned char *pinfo, int info_len, char *src_file, int src_line);
data/direwolf-1.5+dfsg/ax25_pad2.h:25:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_s_frame_debug (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int modulo, int nr, int pf, unsigned char *pinfo, int info_len, char *src_file, int src_line);
data/direwolf-1.5+dfsg/ax25_pad2.h:27:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_i_frame_debug (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, int modulo, int nr, int ns, int pf, int pid, unsigned char *pinfo, int info_len, char *src_file, int src_line);
data/direwolf-1.5+dfsg/ax25_pad2.h:39:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_u_frame (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int pf, int pid, unsigned char *pinfo, int info_len);
data/direwolf-1.5+dfsg/ax25_pad2.h:41:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_s_frame (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, ax25_frame_type_t ftype, int modulo, int nr, int pf, unsigned char *pinfo, int info_len);
data/direwolf-1.5+dfsg/ax25_pad2.h:43:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
packet_t ax25_i_frame (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, cmdres_t cr, int modulo, int nr, int ns, int pf, int pid, unsigned char *pinfo, int info_len);
data/direwolf-1.5+dfsg/beacon.c:75:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, tm, sizeof(struct tm));
data/direwolf-1.5+dfsg/beacon.c:424:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hms[20];
data/direwolf-1.5+dfsg/beacon.c:499:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hms[20];
data/direwolf-1.5+dfsg/beacon.c:751:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[20];
data/direwolf-1.5+dfsg/beacon.c:752:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[AX25_MAX_INFO_LEN];
data/direwolf-1.5+dfsg/beacon.c:753:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char beacon_text[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/beacon.c:755:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mycall[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/beacon.c:757:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char super_comment[AX25_MAX_INFO_LEN]; // Fixed part + any dynamic part.
data/direwolf-1.5+dfsg/beacon.c:818:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_comment[AX25_MAX_INFO_LEN];
data/direwolf-1.5+dfsg/beacon.c:939:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_part[AX25_MAX_INFO_LEN];
data/direwolf-1.5+dfsg/beacon.c:965:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[256];
data/direwolf-1.5+dfsg/cdigipeater.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repeater[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/cdigipeater.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[100];
data/direwolf-1.5+dfsg/cdigipeater.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cfilter_str[MAX_CHANS][MAX_CHANS];
data/direwolf-1.5+dfsg/cm108.c:219:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, src + start, len);
data/direwolf-1.5+dfsg/cm108.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[32]; // product name (e.g. manufacturer, model)
data/direwolf-1.5+dfsg/cm108.c:233:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnode_sound[22]; // e.g. /dev/snd/pcmC0D0p
data/direwolf-1.5+dfsg/cm108.c:234:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plughw[15]; // Above in more familiar format e.g. plughw:0,0
data/direwolf-1.5+dfsg/cm108.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnode_hidraw[17]; // e.g. /dev/hidraw3
data/direwolf-1.5+dfsg/cm108.c:236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devnode_usb[25]; // e.g. /dev/bus/usb/001/012
data/direwolf-1.5+dfsg/cm108.c:459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emsg[100];
data/direwolf-1.5+dfsg/cm108.c:472:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[32], d[32];
data/direwolf-1.5+dfsg/cm108.c:603:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char io[5];
data/direwolf-1.5+dfsg/cm108.c:642:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (name, O_WRONLY);
data/direwolf-1.5+dfsg/config.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[40];
data/direwolf-1.5+dfsg/config.c:450:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sec = atoi(str) * 60 + atoi(p+1);
data/direwolf-1.5+dfsg/config.c:450:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sec = atoi(str) * 60 + atoi(p+1);
data/direwolf-1.5+dfsg/config.c:453:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sec = atoi(str) * 60;
data/direwolf-1.5+dfsg/config.c:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[AX25_MAX_REPEATERS * (AX25_MAX_ADDR_LEN + 1)];
data/direwolf-1.5+dfsg/config.c:524:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/config.c:595:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd[MAXCMDLEN];
data/direwolf-1.5+dfsg/config.c:596:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char token[MAXCMDLEN];
data/direwolf-1.5+dfsg/config.c:723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filepath[128];
data/direwolf-1.5+dfsg/config.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[MAXCMDLEN];
data/direwolf-1.5+dfsg/config.c:934:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (filepath, "r");
data/direwolf-1.5+dfsg/config.c:948:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (filepath, "r");
data/direwolf-1.5+dfsg/config.c:999:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
adevice = atoi(t+7);
data/direwolf-1.5+dfsg/config.c:1120:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1143:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1176:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1215:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_no_ssid[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/config.c:1274:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1334:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1358:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1419:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1429:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1457:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].mark_freq = atoi(t);
data/direwolf-1.5+dfsg/config.c:1458:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].space_freq = atoi(s+1);
data/direwolf-1.5+dfsg/config.c:1483:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].num_freq = atoi(t);
data/direwolf-1.5+dfsg/config.c:1484:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].offset = atoi(s+1);
data/direwolf-1.5+dfsg/config.c:1507:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(t+1);
data/direwolf-1.5+dfsg/config.c:1566:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1641:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char otname[8];
data/direwolf-1.5+dfsg/config.c:1680:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].octrl[ot].out_gpio_num = atoi(t+1);
data/direwolf-1.5+dfsg/config.c:1684:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].octrl[ot].out_gpio_num = atoi(t);
data/direwolf-1.5+dfsg/config.c:1704:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].octrl[ot].ptt_lpt_bit = atoi(t+1);
data/direwolf-1.5+dfsg/config.c:1708:65: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].octrl[ot].ptt_lpt_bit = atoi(t);
data/direwolf-1.5+dfsg/config.c:1730:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(t);
data/direwolf-1.5+dfsg/config.c:1803:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].octrl[ot].out_gpio_num = atoi(t+1);
data/direwolf-1.5+dfsg/config.c:1807:68: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].octrl[ot].out_gpio_num = atoi(t);
data/direwolf-1.5+dfsg/config.c:1940:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itname[8];
data/direwolf-1.5+dfsg/config.c:1965:75: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].ictrl[ICTYPE_TXINH].in_gpio_num = atoi(t+1);
data/direwolf-1.5+dfsg/config.c:1969:75: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_audio_config->achan[channel].ictrl[ICTYPE_TXINH].in_gpio_num = atoi(t);
data/direwolf-1.5+dfsg/config.c:1990:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:2014:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:2038:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:2062:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:2086:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:2163:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[100];
data/direwolf-1.5+dfsg/config.c:2172:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
from_chan = atoi(t);
data/direwolf-1.5+dfsg/config.c:2192:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to_chan = atoi(t);
data/direwolf-1.5+dfsg/config.c:2285:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:2311:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
from_chan = atoi(t);
data/direwolf-1.5+dfsg/config.c:2331:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to_chan = atoi(t);
data/direwolf-1.5+dfsg/config.c:2362:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[100];
data/direwolf-1.5+dfsg/config.c:2370:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
from_chan = atoi(t);
data/direwolf-1.5+dfsg/config.c:2390:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to_chan = atoi(t);
data/direwolf-1.5+dfsg/config.c:2466:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
from_chan = isdigit(*t) ? atoi(t) : -999;
data/direwolf-1.5+dfsg/config.c:2492:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to_chan = isdigit(*t) ? atoi(t) : -999;
data/direwolf-1.5+dfsg/config.c:2547:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
from_chan = isdigit(*t) ? atoi(t) : -999;
data/direwolf-1.5+dfsg/config.c:2569:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
to_chan = isdigit(*t) ? atoi(t) : -999;
data/direwolf-1.5+dfsg/config.c:3034:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message [300];
data/direwolf-1.5+dfsg/config.c:3057:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[300];
data/direwolf-1.5+dfsg/config.c:3236:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mh[30];
data/direwolf-1.5+dfsg/config.c:3510:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[100]; // text inside of xx{...}
data/direwolf-1.5+dfsg/config.c:3511:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttemp[300]; // Converted to tone sequences.
data/direwolf-1.5+dfsg/config.c:3512:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char otemp[1000]; // Result after any substitutions.
data/direwolf-1.5+dfsg/config.c:3513:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2[2];
data/direwolf-1.5+dfsg/config.c:3726:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r = atoi(t);
data/direwolf-1.5+dfsg/config.c:3817:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/config.c:3901:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
status_num = atoi(t);
data/direwolf-1.5+dfsg/config.c:3972:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(t);
data/direwolf-1.5+dfsg/config.c:3988:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4044:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4124:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4147:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4175:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4208:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4243:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4267:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4308:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_misc_config->kiss_serial_speed = atoi(t);
data/direwolf-1.5+dfsg/config.c:4366:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_misc_config->gpsd_port = atoi(DEFAULT_GPSD_PORT);
data/direwolf-1.5+dfsg/config.c:4375:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4380:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p_misc_config->gpsd_port = atoi(DEFAULT_GPSD_PORT);
data/direwolf-1.5+dfsg/config.c:4577:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t); \
data/direwolf-1.5+dfsg/config.c:4639:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4662:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4685:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4710:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4735:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4758:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(t);
data/direwolf-1.5+dfsg/config.c:4786:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_no_ssid[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/config.c:4822:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_no_ssid[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/config.c:4984:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_symbol[100];
data/direwolf-1.5+dfsg/config.c:4986:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone[8];
data/direwolf-1.5+dfsg/config.c:5012:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyword[20];
data/direwolf-1.5+dfsg/config.c:5013:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[200];
data/direwolf-1.5+dfsg/config.c:5049:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(value+1);
data/direwolf-1.5+dfsg/config.c:5059:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(value+1);
data/direwolf-1.5+dfsg/config.c:5070:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(value);
data/direwolf-1.5+dfsg/config.c:5130:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(value);
data/direwolf-1.5+dfsg/config.c:5165:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->power = atoi(value);
data/direwolf-1.5+dfsg/config.c:5168:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->height = atoi(value);
data/direwolf-1.5+dfsg/config.c:5171:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->gain = atoi(value);
data/direwolf-1.5+dfsg/config.c:5192:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->compress = atoi(value);
data/direwolf-1.5+dfsg/config.c:5195:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->messaging = atoi(value);
data/direwolf-1.5+dfsg/config.c:5236:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message [300];
data/direwolf-1.5+dfsg/config.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kiss_serial_port[20];
data/direwolf-1.5+dfsg/config.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpsnmea_port[20]; /* Serial port name for reading NMEA sentences from GPS. */
data/direwolf-1.5+dfsg/config.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpsd_host[20]; /* Host for gpsd server. */
data/direwolf-1.5+dfsg/config.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char waypoint_port[20]; /* Serial port name for sending NMEA waypoint sentences */
data/direwolf-1.5+dfsg/config.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char log_path[80]; /* Either directory or full file name depending on above. */
data/direwolf-1.5+dfsg/config.h:161:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char objname[10]; /* Object name. Any printable characters. */
data/direwolf-1.5+dfsg/config.h:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[3]; /* 1 or 2 of N,E,W,S, or empty for omni. */
data/direwolf-1.5+dfsg/decode_aprs.c:67:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lat[8];
data/direwolf-1.5+dfsg/decode_aprs.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lon[9];
data/direwolf-1.5+dfsg/decode_aprs.c:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char y[4]; /* Compressed Latitude. */
data/direwolf-1.5+dfsg/decode_aprs.c:83:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[4]; /* Compressed Longitude. */
data/direwolf-1.5+dfsg/decode_aprs.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/decode_aprs.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[200];
data/direwolf-1.5+dfsg/decode_aprs.c:404:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_lat[30];
data/direwolf-1.5+dfsg/decode_aprs.c:405:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_lon[30];
data/direwolf-1.5+dfsg/decode_aprs.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symbol_description[100];
data/direwolf-1.5+dfsg/decode_aprs.c:444:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phg[100];
data/direwolf-1.5+dfsg/decode_aprs.c:456:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rng[100];
data/direwolf-1.5+dfsg/decode_aprs.c:543:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spd[20];
data/direwolf-1.5+dfsg/decode_aprs.c:551:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cse[20];
data/direwolf-1.5+dfsg/decode_aprs.c:559:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alt[20];
data/direwolf-1.5+dfsg/decode_aprs.c:567:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftemp[30];
data/direwolf-1.5+dfsg/decode_aprs.c:574:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftemp[30];
data/direwolf-1.5+dfsg/decode_aprs.c:590:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftemp[30];
data/direwolf-1.5+dfsg/decode_aprs.c:599:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ftemp[30];
data/direwolf-1.5+dfsg/decode_aprs.c:722:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[43]; /* Start of comment could be data extension(s). */
data/direwolf-1.5+dfsg/decode_aprs.c:728:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[40]; /* No data extension allowed for compressed location. */
data/direwolf-1.5+dfsg/decode_aprs.c:822:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp[7];
data/direwolf-1.5+dfsg/decode_aprs.c:824:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[43]; /* First 7 bytes could be data extension. */
data/direwolf-1.5+dfsg/decode_aprs.c:829:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp[7];
data/direwolf-1.5+dfsg/decode_aprs.c:831:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[40]; /* No data extension in this case. */
data/direwolf-1.5+dfsg/decode_aprs.c:1097:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lon[3]; /* "d+28", "m+28", "h+28" */
data/direwolf-1.5+dfsg/decode_aprs.c:1098:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char speed_course[3];
data/direwolf-1.5+dfsg/decode_aprs.c:1103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[10];
data/direwolf-1.5+dfsg/decode_aprs.c:1109:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *std_text[8] = {"Emergency", "Priority", "Special", "Committed", "Returning", "In Service", "En Route", "Off Duty" };
data/direwolf-1.5+dfsg/decode_aprs.c:1110:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cust_text[8] = {"Emergency", "Custom-6", "Custom-5", "Custom-4", "Custom-3", "Custom-2", "Custom-1", "Custom-0" };
data/direwolf-1.5+dfsg/decode_aprs.c:1494:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressee[9];
data/direwolf-1.5+dfsg/decode_aprs.c:1496:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[73]; /* 0-67 characters for message */
data/direwolf-1.5+dfsg/decode_aprs.c:1502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressee[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/decode_aprs.c:1529:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (addressee, p->addressee, sizeof(p->addressee)); // copy exactly 9 bytes.
data/direwolf-1.5+dfsg/decode_aprs.c:1645:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9];
data/direwolf-1.5+dfsg/decode_aprs.c:1647:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp[7];
data/direwolf-1.5+dfsg/decode_aprs.c:1649:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[43]; /* First 7 bytes could be data extension. */
data/direwolf-1.5+dfsg/decode_aprs.c:1654:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9];
data/direwolf-1.5+dfsg/decode_aprs.c:1656:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp[7];
data/direwolf-1.5+dfsg/decode_aprs.c:1658:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[40]; /* No data extension in this case. */
data/direwolf-1.5+dfsg/decode_aprs.c:1672:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (A->g_name, p->name, sizeof(p->name)); // copy exactly 9 bytes.
data/direwolf-1.5+dfsg/decode_aprs.c:1758:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10]; /* Actually variable length 3 - 9 bytes. */
data/direwolf-1.5+dfsg/decode_aprs.c:1766:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment__[43]; /* First 7 bytes could be data extension. */
data/direwolf-1.5+dfsg/decode_aprs.c:1771:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10]; /* Actually variable length 3 - 9 bytes. */
data/direwolf-1.5+dfsg/decode_aprs.c:1777:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment__[40]; /* No data extension in this case. */
data/direwolf-1.5+dfsg/decode_aprs.c:1909:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ztime[7]; /* Time stamp ddhhmmz */
data/direwolf-1.5+dfsg/decode_aprs.c:1910:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[55];
data/direwolf-1.5+dfsg/decode_aprs.c:1915:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mhead4[4]; /* 4 character Maidenhead locator. */
data/direwolf-1.5+dfsg/decode_aprs.c:1919:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[54];
data/direwolf-1.5+dfsg/decode_aprs.c:1924:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mhead6[6]; /* 6 character Maidenhead locator. */
data/direwolf-1.5+dfsg/decode_aprs.c:1928:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[54];
data/direwolf-1.5+dfsg/decode_aprs.c:1933:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[62];
data/direwolf-1.5+dfsg/decode_aprs.c:1967:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (A->g_maidenhead, pm6->mhead6, sizeof(pm6->mhead6));
data/direwolf-1.5+dfsg/decode_aprs.c:2001:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (A->g_maidenhead, pm4->mhead4, sizeof(pm4->mhead4));
data/direwolf-1.5+dfsg/decode_aprs.c:2113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/decode_aprs.c:2392:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp[8]; /* MDHM format */
data/direwolf-1.5+dfsg/decode_aprs.c:2393:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[99];
data/direwolf-1.5+dfsg/decode_aprs.c:2459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[8]; // larger than maximum dlen.
data/direwolf-1.5+dfsg/decode_aprs.c:2489:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stemp, (*wpp)+1, dlen);
data/direwolf-1.5+dfsg/decode_aprs.c:2545:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2563:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2577:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2600:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2610:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2620:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2630:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[30];
data/direwolf-1.5+dfsg/decode_aprs.c:2642:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2653:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2663:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2676:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2686:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:2700:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctemp[40];
data/direwolf-1.5+dfsg/decode_aprs.c:3076:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char deg[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3077:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char minn[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3079:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hmin[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3229:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char deg[3];
data/direwolf-1.5+dfsg/decode_aprs.c:3230:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char minn[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3232:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hmin[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3420:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char day[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3421:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hours[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3422:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minutes[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3429:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hours[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3430:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char minutes[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3431:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seconds[2];
data/direwolf-1.5+dfsg/decode_aprs.c:3593:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *dir[9] = { "omni", "NE", "E", "SE", "S", "SW", "W", "NW", "N" };
data/direwolf-1.5+dfsg/decode_aprs.c:3730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[7];
data/direwolf-1.5+dfsg/decode_aprs.c:3769:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[100];
data/direwolf-1.5+dfsg/decode_aprs.c:3801:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(search_locations[n++], "r");
data/direwolf-1.5+dfsg/decode_aprs.c:3934:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, src + start, len);
data/direwolf-1.5+dfsg/decode_aprs.c:4047:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * s_ctcss[NUM_CTCSS] = {
data/direwolf-1.5+dfsg/decode_aprs.c:4076:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emsg[100];
data/direwolf-1.5+dfsg/decode_aprs.c:4079:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[sizeof(A->g_comment)];
data/direwolf-1.5+dfsg/decode_aprs.c:4200:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (A->g_comment, pstart, (size_t)clen);
data/direwolf-1.5+dfsg/decode_aprs.c:4215:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sftemp[30];
data/direwolf-1.5+dfsg/decode_aprs.c:4216:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smtemp[10];
data/direwolf-1.5+dfsg/decode_aprs.c:4283:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sttemp[10]; /* includes leading letter */
data/direwolf-1.5+dfsg/decode_aprs.c:4291:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
f = atoi(sttemp+1);
data/direwolf-1.5+dfsg/decode_aprs.c:4319:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sttemp[10]; /* three octal digits */
data/direwolf-1.5+dfsg/decode_aprs.c:4330:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sttemp[10]; /* includes leading sign */
data/direwolf-1.5+dfsg/decode_aprs.c:4334:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
A->g_offset = 10 * atoi(sttemp);
data/direwolf-1.5+dfsg/decode_aprs.c:4341:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sttemp[10]; /* should be two digits */
data/direwolf-1.5+dfsg/decode_aprs.c:4342:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sutemp[10]; /* m for miles or k for km */
data/direwolf-1.5+dfsg/decode_aprs.c:4348:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
A->g_range = atoi(sttemp);
data/direwolf-1.5+dfsg/decode_aprs.c:4351:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
A->g_range = DW_KM_TO_MILES(atoi(sttemp));
data/direwolf-1.5+dfsg/decode_aprs.c:4371:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tdata[30]; /* Should be 4 to 14 characters. */
data/direwolf-1.5+dfsg/decode_aprs.c:4504:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
A->g_altitude_ft = atoi(A->g_comment + match[0].rm_so + 3);
data/direwolf-1.5+dfsg/decode_aprs.c:4519:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bad[30];
data/direwolf-1.5+dfsg/decode_aprs.c:4520:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char good[30];
data/direwolf-1.5+dfsg/decode_aprs.c:4545:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bad1[30]; /* original 99.9 or 999.9 format or one of 67 77 100 123 */
data/direwolf-1.5+dfsg/decode_aprs.c:4546:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bad2[30]; /* 99.9 or 999.9 format. ".0" appended for special cases. */
data/direwolf-1.5+dfsg/decode_aprs.c:4547:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char good[30];
data/direwolf-1.5+dfsg/decode_aprs.c:4717:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[MAXLINE];
data/direwolf-1.5+dfsg/decode_aprs.c:4718:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[MAXBYTES];
data/direwolf-1.5+dfsg/decode_aprs.c:4835:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kiss_frame[MAXBYTES];
data/direwolf-1.5+dfsg/decode_aprs.c:4838:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (kiss_frame, bytes, num_bytes);
data/direwolf-1.5+dfsg/decode_aprs.c:4864:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrs[120];
data/direwolf-1.5+dfsg/decode_aprs.h:27:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/decode_aprs.h:29:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_msg_type[60]; /* APRS data type. Telemetry descriptions get pretty long. */
data/direwolf-1.5+dfsg/decode_aprs.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_aprstt_loc[APRSTT_LOC_DESC_LEN]; /* APRStt location from !DAO! */
data/direwolf-1.5+dfsg/decode_aprs.h:61:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_maidenhead[12]; /* 4 or 6 (or 8?) character maidenhead locator. */
data/direwolf-1.5+dfsg/decode_aprs.h:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_name[12]; /* Object or item name. Max. 9 characters. */
data/direwolf-1.5+dfsg/decode_aprs.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_addressee[12]; /* Addressee for a "message." Max. 9 characters. */
data/direwolf-1.5+dfsg/decode_aprs.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_message_number[8]; /* Message number. Should be 1 - 5 characters if used. */
data/direwolf-1.5+dfsg/decode_aprs.h:92:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_directivity[12]; /* Direction of max signal strength */
data/direwolf-1.5+dfsg/decode_aprs.h:98:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_mfr[80]; /* Manufacturer or application. */
data/direwolf-1.5+dfsg/decode_aprs.h:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_mic_e_status[32]; /* MIC-E message. */
data/direwolf-1.5+dfsg/decode_aprs.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_query_type[12]; /* General Query: APRS, IGATE, WX, ... */
data/direwolf-1.5+dfsg/decode_aprs.h:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_query_callsign[12]; /* Directed query may contain callsign. */
data/direwolf-1.5+dfsg/decode_aprs.h:126:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_weather[500]; /* Weather. Can get quite long. Rethink max size. */
data/direwolf-1.5+dfsg/decode_aprs.h:128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_telemetry[256]; /* Telemetry data. Rethink max size. */
data/direwolf-1.5+dfsg/decode_aprs.h:130:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char g_comment[256]; /* Comment. */
data/direwolf-1.5+dfsg/demod.c:114:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char just_letters[16];
data/direwolf-1.5+dfsg/demod_9600.c:394:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[30];
data/direwolf-1.5+dfsg/demod_9600.c:403:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
demod_log_fp = fopen (fname, "w");
data/direwolf-1.5+dfsg/demod_9600.c:531:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[30];
data/direwolf-1.5+dfsg/demod_9600.c:543:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
demod_log_fp = fopen (fname, "w");
data/direwolf-1.5+dfsg/demod_afsk.c:1058:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[30];
data/direwolf-1.5+dfsg/demod_afsk.c:1066:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
demod_log_fp = fopen (fname, "w");
data/direwolf-1.5+dfsg/demod_psk.c:715:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[30];
data/direwolf-1.5+dfsg/demod_psk.c:724:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
demod_log_fp = fopen (fname, "w");
data/direwolf-1.5+dfsg/digipeater.c:263:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *dest_ssid_path[16] = {
data/direwolf-1.5+dfsg/digipeater.c:286:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/digipeater.c:289:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repeater[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/digipeater.c:291:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_msg[100];
data/direwolf-1.5+dfsg/digipeater.c:445:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char repeater2[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/digipeater.c:631:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rec[256];
data/direwolf-1.5+dfsg/digipeater.c:632:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xmit[256];
data/direwolf-1.5+dfsg/digipeater.c:635:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/digipeater.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[256];
data/direwolf-1.5+dfsg/digipeater.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filter_str[MAX_CHANS+1][MAX_CHANS+1];
data/direwolf-1.5+dfsg/direwolf.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_file[100];
data/direwolf-1.5+dfsg/direwolf.c:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char P_opt[16];
data/direwolf-1.5+dfsg/direwolf.c:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char l_opt_logdir[80];
data/direwolf-1.5+dfsg/direwolf.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char L_opt_logfile[80];
data/direwolf-1.5+dfsg/direwolf.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input_file[80];
data/direwolf-1.5+dfsg/direwolf.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char T_opt_timestamp[40];
data/direwolf-1.5+dfsg/direwolf.c:252:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t_opt = atoi (argv[j+1]);
data/direwolf-1.5+dfsg/direwolf.c:373:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a_opt = atoi(optarg);
data/direwolf-1.5+dfsg/direwolf.c:399:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
B_opt = atoi(optarg);
data/direwolf-1.5+dfsg/direwolf.c:415:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
D_opt = atoi(optarg);
data/direwolf-1.5+dfsg/direwolf.c:430:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r_opt = atoi(optarg);
data/direwolf-1.5+dfsg/direwolf.c:441:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n_opt = atoi(optarg);
data/direwolf-1.5+dfsg/direwolf.c:452:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b_opt = atoi(optarg);
data/direwolf-1.5+dfsg/direwolf.c:553:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
E_rx_opt = atoi(optarg+1);
data/direwolf-1.5+dfsg/direwolf.c:561:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
E_tx_opt = atoi(optarg);
data/direwolf-1.5+dfsg/direwolf.c:863:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[500];
data/direwolf-1.5+dfsg/direwolf.c:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heard[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/direwolf.c:869:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char display_retries[32];
data/direwolf-1.5+dfsg/direwolf.c:909:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alevel_text[AX25_ALEVEL_TO_TEXT_SIZE];
data/direwolf-1.5+dfsg/direwolf.c:917:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bias[16];
data/direwolf-1.5+dfsg/direwolf.c:931:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char probably_really[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/direwolf.c:968:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[100]; // optional time stamp
data/direwolf-1.5+dfsg/direwolf.c:971:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstmp[100];
data/direwolf-1.5+dfsg/direwolf.c:1013:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[80];
data/direwolf-1.5+dfsg/direwolf.c:1026:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info2text[150];
data/direwolf-1.5+dfsg/direwolf.c:1135:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fbuf[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/dlq.c:476:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_connect_request (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, int chan, int client, int pid)
data/direwolf-1.5+dfsg/dlq.c:531:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_disconnect_request (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, int chan, int client)
data/direwolf-1.5+dfsg/dlq.c:592:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_xmit_data_request (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, int chan, int client, int pid, char *xdata_ptr, int xdata_len)
data/direwolf-1.5+dfsg/dlq.c:655:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_register_callsign (char addr[AX25_MAX_ADDR_LEN], int chan, int client)
data/direwolf-1.5+dfsg/dlq.c:685:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_unregister_callsign (char addr[AX25_MAX_ADDR_LEN], int chan, int client)
data/direwolf-1.5+dfsg/dlq.c:1141:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cdata->data, data, len);
data/direwolf-1.5+dfsg/dlq.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spectrum[MAX_SUBCHANS*MAX_SLICERS+1]; /* "Spectrum" display for multi-decoders. */
data/direwolf-1.5+dfsg/dlq.h:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/dlq.h:107:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_connect_request (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, int chan, int client, int pid);
data/direwolf-1.5+dfsg/dlq.h:109:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_disconnect_request (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, int chan, int client);
data/direwolf-1.5+dfsg/dlq.h:111:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_xmit_data_request (char addrs[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN], int num_addr, int chan, int client, int pid, char *xdata_ptr, int xdata_len);
data/direwolf-1.5+dfsg/dlq.h:113:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_register_callsign (char addr[AX25_MAX_ADDR_LEN], int chan, int client);
data/direwolf-1.5+dfsg/dlq.h:115:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void dlq_unregister_callsign (char addr[AX25_MAX_ADDR_LEN], int chan, int client);
data/direwolf-1.5+dfsg/dtime_now.c:100:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, tm, sizeof(struct tm));
data/direwolf-1.5+dfsg/dtime_now.c:136:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strms[16];
data/direwolf-1.5+dfsg/dtime_now.c:139:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (strms, ".%03d", ms);
data/direwolf-1.5+dfsg/dtime_now.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strms[16];
data/direwolf-1.5+dfsg/dtime_now.c:225:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (strms, "-%03d", ms);
data/direwolf-1.5+dfsg/dtmf.c:212:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char rc2char[16] = { '1', '2', '3', 'A',
data/direwolf-1.5+dfsg/dtmf.c:410:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[100];
data/direwolf-1.5+dfsg/dwgps.c:174:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (gpsinfo, &s_dwgps_info, sizeof(*gpsinfo));
data/direwolf-1.5+dfsg/dwgpsd.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sport[12];
data/direwolf-1.5+dfsg/dwgpsd.c:418:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config.gpsd_port = atoi(DEFAULT_GPSD_PORT);
data/direwolf-1.5+dfsg/dwgpsnmea.c:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gps_msg[NMEA_MAX_LEN];
data/direwolf-1.5+dfsg/dwgpsnmea.c:447:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[NMEA_MAX_LEN]; /* Make copy because parsing is destructive. */
data/direwolf-1.5+dfsg/dwgpsnmea.c:600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[NMEA_MAX_LEN]; /* Make copy because parsing is destructive. */
data/direwolf-1.5+dfsg/encode_aprs.c:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lat[8];
data/direwolf-1.5+dfsg/encode_aprs.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lon[9];
data/direwolf-1.5+dfsg/encode_aprs.c:149:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char y[4]; /* Compressed Latitude. */
data/direwolf-1.5+dfsg/encode_aprs.c:150:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[4]; /* Compressed Longitude. */
data/direwolf-1.5+dfsg/encode_aprs.c:356:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cse[3];
data/direwolf-1.5+dfsg/encode_aprs.c:358:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spd[3];
data/direwolf-1.5+dfsg/encode_aprs.c:365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[8];
data/direwolf-1.5+dfsg/encode_aprs.c:379:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r->cse, stemp, 3);
data/direwolf-1.5+dfsg/encode_aprs.c:387:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r->spd, stemp, 3);
data/direwolf-1.5+dfsg/encode_aprs.c:433:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[16];
data/direwolf-1.5+dfsg/encode_aprs.c:446:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[12];
data/direwolf-1.5+dfsg/encode_aprs.c:459:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[12];
data/direwolf-1.5+dfsg/encode_aprs.c:585:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[12];
data/direwolf-1.5+dfsg/encode_aprs.c:660:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9];
data/direwolf-1.5+dfsg/encode_aprs.c:662:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time_stamp[7];
data/direwolf-1.5+dfsg/encode_aprs.c:687:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p->o.name, name, n);
data/direwolf-1.5+dfsg/encode_aprs.c:780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[100];
data/direwolf-1.5+dfsg/gen_packets.c:107:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fbuf[AX25_MAX_PACKET_LEN+2];
data/direwolf-1.5+dfsg/gen_packets.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_file[256]; /* -o option */
data/direwolf-1.5+dfsg/gen_packets.c:237:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modem.achan[0].baud = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:255:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modem.achan[0].baud = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:318:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modem.achan[0].mark_freq = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:330:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modem.achan[0].space_freq = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:342:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
packet_count = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:350:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
amplitude = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:362:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
modem.adev[0].samples_per_sec = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:375:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
leading_zeros = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:418:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_morse_wpm = atoi(optarg);
data/direwolf-1.5+dfsg/gen_packets.c:570:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[400];
data/direwolf-1.5+dfsg/gen_packets.c:588:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input_fp = fopen(argv[optind], "r");
data/direwolf-1.5+dfsg/gen_packets.c:628:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[88];
data/direwolf-1.5+dfsg/gen_packets.c:750:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char riff[4]; /* "RIFF" */
data/direwolf-1.5+dfsg/gen_packets.c:752:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wave[4]; /* "WAVE" */
data/direwolf-1.5+dfsg/gen_packets.c:753:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[4]; /* "fmt " */
data/direwolf-1.5+dfsg/gen_packets.c:761:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4]; /* "data" */
data/direwolf-1.5+dfsg/gen_packets.c:799:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_fp = fopen (fname, "wb");
data/direwolf-1.5+dfsg/gen_packets.c:809:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header.riff, "RIFF", (size_t)4);
data/direwolf-1.5+dfsg/gen_packets.c:811:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header.wave, "WAVE", (size_t)4);
data/direwolf-1.5+dfsg/gen_packets.c:812:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header.fmt, "fmt ", (size_t)4);
data/direwolf-1.5+dfsg/gen_packets.c:822:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (header.data, "data", (size_t)4);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:154:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MGRS_Ellipsoid_Code[3] = {'W','E',0};
data/direwolf-1.5+dfsg/geotranz/mgrs.c:401:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i = sprintf (MGRS+i,"%2.2ld",Zone);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:412:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i += sprintf (MGRS+i, "%*.*ld", (int)Precision, (int)Precision, east);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:417:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i += sprintf (MGRS+i, "%*.*ld", (int)Precision, (int)Precision, north);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:455:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone_string[3];
data/direwolf-1.5+dfsg/geotranz/mgrs.c:494:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char east_string[6];
data/direwolf-1.5+dfsg/geotranz/mgrs.c:495:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char north_string[6];
data/direwolf-1.5+dfsg/geotranz/usng.c:152:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char USNG_Ellipsoid_Code[3] = {'W','E',0};
data/direwolf-1.5+dfsg/geotranz/usng.c:368:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i = sprintf (USNG+i,"%2.2ld",Zone);
data/direwolf-1.5+dfsg/geotranz/usng.c:379:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i += sprintf (USNG+i, "%*.*ld", (int)Precision, (int)Precision, east);
data/direwolf-1.5+dfsg/geotranz/usng.c:384:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i += sprintf (USNG+i, "%*.*ld", (int)Precision, (int)Precision, north);
data/direwolf-1.5+dfsg/geotranz/usng.c:422:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zone_string[3];
data/direwolf-1.5+dfsg/geotranz/usng.c:461:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char east_string[6];
data/direwolf-1.5+dfsg/geotranz/usng.c:462:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char north_string[6];
data/direwolf-1.5+dfsg/hdlc_rec.c:97:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame_buf[MAX_FRAME_LEN];
data/direwolf-1.5+dfsg/hdlc_rec2.c:155:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame_buf[MAX_FRAME_LEN];
data/direwolf-1.5+dfsg/hdlc_rec2.c:931:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[7];
data/direwolf-1.5+dfsg/igate.c:587:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_port_str[12]; /* text form of port number */
data/direwolf-1.5+dfsg/igate.c:588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_str[46]; /* text form of IP address */
data/direwolf-1.5+dfsg/igate.c:788:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/igate.c:828:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heartbeat[10];
data/direwolf-1.5+dfsg/igate.c:929:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char via[AX25_MAX_ADDR_LEN]; /* includes ssid. Do we want to ignore it? */
data/direwolf-1.5+dfsg/igate.c:966:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char via[AX25_MAX_ADDR_LEN]; /* includes ssid. Do we want to ignore it? */
data/direwolf-1.5+dfsg/igate.c:1070:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[IGATE_MAX_MSG];
data/direwolf-1.5+dfsg/igate.c:1195:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg + msg_len, pinfo, info_len);
data/direwolf-1.5+dfsg/igate.c:1238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[IGATE_MAX_MSG+1];
data/direwolf-1.5+dfsg/igate.c:1252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stemp, imsg, stemp_len);
data/direwolf-1.5+dfsg/igate.c:1372:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[1000]; // Spec says max 512.
data/direwolf-1.5+dfsg/igate.c:1667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[AX25_MAX_PACKET_LEN]; /* what is max len? */
data/direwolf-1.5+dfsg/igate.c:1668:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN]; /* Source address. */
data/direwolf-1.5+dfsg/igate.c:1702:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char via[AX25_MAX_ADDR_LEN]; /* includes ssid. Do we want to ignore it? */
data/direwolf-1.5+dfsg/igate.c:1866:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char radio [500];
data/direwolf-1.5+dfsg/igate.c:2022:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.c:2023:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.c:2053:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.c:2054:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.c:2303:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char ig2tx_chan[IG2TX_HISTORY_MAX];
data/direwolf-1.5+dfsg/igate.c:2325:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.c:2326:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.c:2369:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.c:2370:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/igate.h:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2_server_name[40]; /* Tier 2 IGate server name. */
data/direwolf-1.5+dfsg/igate.h:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2_login[AX25_MAX_ADDR_LEN];/* e.g. WA9XYZ-15 */
data/direwolf-1.5+dfsg/igate.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2_passcode[8]; /* Max. 5 digits. Could be "-1". */
data/direwolf-1.5+dfsg/igate.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tx_via[80]; /* VIA path for transmitting third party packets. */
data/direwolf-1.5+dfsg/kiss.c:146:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pt_slave_name[32]; /* Pseudo terminal slave name */
data/direwolf-1.5+dfsg/kiss.c:324:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pt_slave_fd = open(pt_slave_name, O_RDWR|O_NOCTTY);
data/direwolf-1.5+dfsg/kiss.c:394:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kiss_buff[2 * AX25_MAX_PACKET_LEN + 2];
data/direwolf-1.5+dfsg/kiss.c:413:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stemp[AX25_MAX_PACKET_LEN + 1];
data/direwolf-1.5+dfsg/kiss.c:422:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stemp+1, fbuf, flen);
data/direwolf-1.5+dfsg/kiss_frame.c:438:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char unwrapped[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/kiss_frame.c:814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char response[100];
data/direwolf-1.5+dfsg/kiss_frame.c:877:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *direction [2] = { "from", "to" };
data/direwolf-1.5+dfsg/kiss_frame.c:878:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *prefix [2] = { "<<<", ">>>" };
data/direwolf-1.5+dfsg/kiss_frame.c:879:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *function[16] = {
data/direwolf-1.5+dfsg/kiss_frame.c:928:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char din[512];
data/direwolf-1.5+dfsg/kiss_frame.c:929:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kissed[520];
data/direwolf-1.5+dfsg/kiss_frame.c:930:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dout[520];
data/direwolf-1.5+dfsg/kiss_frame.h:53:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kiss_msg[MAX_KISS_LEN];
data/direwolf-1.5+dfsg/kiss_frame.h:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char noise[MAX_NOISE_LEN];
data/direwolf-1.5+dfsg/kissnet.c:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kiss_port_str[12];
data/direwolf-1.5+dfsg/kissnet.c:556:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kiss_buff[2 * AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/kissnet.c:607:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stemp[AX25_MAX_PACKET_LEN + 1];
data/direwolf-1.5+dfsg/kissnet.c:612:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stemp+1, fbuf, flen);
data/direwolf-1.5+dfsg/kissserial.c:277:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kiss_buff[2 * AX25_MAX_PACKET_LEN + 2];
data/direwolf-1.5+dfsg/kissserial.c:299:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stemp[AX25_MAX_PACKET_LEN + 1];
data/direwolf-1.5+dfsg/kissserial.c:308:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stemp+1, fbuf, flen);
data/direwolf-1.5+dfsg/kissutil.c:101:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hostname[50] = "localhost"; /* -h option. */
data/direwolf-1.5+dfsg/kissutil.c:107:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char port[30] = "8001"; /* -p option. */
data/direwolf-1.5+dfsg/kissutil.c:128:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char transmit_from[120] = ""; /* -f option */
data/direwolf-1.5+dfsg/kissutil.c:133:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char receive_output[120] = ""; /* -o option */
data/direwolf-1.5+dfsg/kissutil.c:138:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char timestamp_format[60] = ""; /* -T option */
data/direwolf-1.5+dfsg/kissutil.c:224:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
serial_speed = atoi(optarg);
data/direwolf-1.5+dfsg/kissutil.c:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[1000];
data/direwolf-1.5+dfsg/kissutil.c:332:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path [300];
data/direwolf-1.5+dfsg/kissutil.c:342:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (path, "r");
data/direwolf-1.5+dfsg/kissutil.c:411:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(str);
data/direwolf-1.5+dfsg/kissutil.c:438:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chan = atoi(p);
data/direwolf-1.5+dfsg/kissutil.c:442:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chan = atoi(p);
data/direwolf-1.5+dfsg/kissutil.c:469:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame_data[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/kissutil.c:546:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[1000];
data/direwolf-1.5+dfsg/kissutil.c:547:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kissed[2000];
data/direwolf-1.5+dfsg/kissutil.c:567:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (temp+1, data, dlen);
data/direwolf-1.5+dfsg/kissutil.c:614:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_str[SOCK_IPADDR_LEN]; // Text form of IP address.
data/direwolf-1.5+dfsg/kissutil.c:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[4096];
data/direwolf-1.5+dfsg/kissutil.c:777:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[100]; // Channel and optional timestamp.
data/direwolf-1.5+dfsg/kissutil.c:780:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrs[AX25_MAX_ADDRS*AX25_MAX_ADDR_LEN]; // Like source>dest,digi,...,digi:
data/direwolf-1.5+dfsg/kissutil.c:785:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[100];
data/direwolf-1.5+dfsg/kissutil.c:818:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname [30];
data/direwolf-1.5+dfsg/kissutil.c:819:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path [300];
data/direwolf-1.5+dfsg/kissutil.c:830:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (path, "w");
data/direwolf-1.5+dfsg/latlong.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smin[8]; /* Minutes in format mm.mm */
data/direwolf-1.5+dfsg/latlong.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smin[8]; /* Minutes in format mm.mm */
data/direwolf-1.5+dfsg/latlong.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smin[10]; /* Minutes in format mm.mmmm */
data/direwolf-1.5+dfsg/latlong.c:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smin[10]; /* Minutes in format mm.mmmm */
data/direwolf-1.5+dfsg/latlong.c:711:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mh[16]; /* Local copy, changed to upper case. */
data/direwolf-1.5+dfsg/latlong.c:761:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mh[16];
data/direwolf-1.5+dfsg/latlong.c:872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[20];
data/direwolf-1.5+dfsg/ll2utm.c:28:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mgrs[32];
data/direwolf-1.5+dfsg/ll2utm.c:29:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usng[32];
data/direwolf-1.5+dfsg/ll2utm.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[300];
data/direwolf-1.5+dfsg/log.c:123:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_log_path[80];
data/direwolf-1.5+dfsg/log.c:125:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char g_open_fname[20];
data/direwolf-1.5+dfsg/log.c:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[20];
data/direwolf-1.5+dfsg/log.c:248:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[120];
data/direwolf-1.5+dfsg/log.c:268:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_log_fp = fopen (full_path, "a");
data/direwolf-1.5+dfsg/log.c:307:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
g_log_fp = fopen (g_log_path, "a");
data/direwolf-1.5+dfsg/log.c:331:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itime[24];
data/direwolf-1.5+dfsg/log.c:332:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heard[AX25_MAX_ADDR_LEN+1];
data/direwolf-1.5+dfsg/log.c:334:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/log.c:335:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slat[16], slon[16], sspd[12], scse[12], salt[12];
data/direwolf-1.5+dfsg/log.c:336:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sfreq[20], soffs[10], stone[10];
data/direwolf-1.5+dfsg/log.c:337:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdti[10];
data/direwolf-1.5+dfsg/log.c:338:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[24];
data/direwolf-1.5+dfsg/log.c:339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ssymbol[8];
data/direwolf-1.5+dfsg/log.c:340:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smfr[60];
data/direwolf-1.5+dfsg/log.c:341:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sstatus[40];
data/direwolf-1.5+dfsg/log.c:342:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stelemetry[200];
data/direwolf-1.5+dfsg/log.c:343:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scomment[256];
data/direwolf-1.5+dfsg/log.c:344:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alevel_text[32];
data/direwolf-1.5+dfsg/log.c:445:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heard[AX25_MAX_ADDR_LEN+1];
data/direwolf-1.5+dfsg/log.c:446:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char smfr[60];
data/direwolf-1.5+dfsg/log2gpx.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char time[20+1+3];
data/direwolf-1.5+dfsg/log2gpx.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[9+1+2];
data/direwolf-1.5+dfsg/log2gpx.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[32]; /* freq/offset/tone something like 146.955 MHz -600k PL 74.4 */
data/direwolf-1.5+dfsg/log2gpx.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[80]; /* Combined mic-e status and comment text */
data/direwolf-1.5+dfsg/log2gpx.c:90:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen (argv[n], "r");
data/direwolf-1.5+dfsg/log2gpx.c:159:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw[500];
data/direwolf-1.5+dfsg/log2gpx.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char csv[500];
data/direwolf-1.5+dfsg/log2gpx.c:263:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[16], desc[32], comment[256];
data/direwolf-1.5+dfsg/log2gpx.c:286:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(poffset);
data/direwolf-1.5+dfsg/log2gpx.c:478:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safe_name[30];
data/direwolf-1.5+dfsg/log2gpx.c:479:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safe_comment[120];
data/direwolf-1.5+dfsg/mgn_icon.h:80:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char mgn_primary_symtab[SYMTAB_SIZE][3] = {
data/direwolf-1.5+dfsg/mgn_icon.h:179:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char mgn_alternate_symtab[SYMTAB_SIZE][3] = {
data/direwolf-1.5+dfsg/mheard.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[AX25_MAX_ADDR_LEN]; // Callsign from the AX.25 source field.
data/direwolf-1.5+dfsg/mheard.c:201:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (result, "- ");
data/direwolf-1.5+dfsg/mheard.c:210:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (result, "%4d:%02d", h, m);
data/direwolf-1.5+dfsg/mheard.c:218:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (result, "%6.2f %7.2f", dlat, dlon);
data/direwolf-1.5+dfsg/mheard.c:221:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (result, " - - ");
data/direwolf-1.5+dfsg/mheard.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[80];
data/direwolf-1.5+dfsg/mheard.c:247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rf[16]; // hours:minutes
data/direwolf-1.5+dfsg/mheard.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is[16];
data/direwolf-1.5+dfsg/mheard.c:249:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char position[40];
data/direwolf-1.5+dfsg/mheard.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/mheard.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/morse.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc[8]; /* $ has 7 elements */
data/direwolf-1.5+dfsg/multi_modem.c:568:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spectrum[MAX_SUBCHANS*MAX_SLICERS+1];
data/direwolf-1.5+dfsg/pfilter.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filter_str[MAX_FILTER_LEN];
data/direwolf-1.5+dfsg/pfilter.c:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token_str[MAX_TOKEN_LEN]; /* Printable string representation for use in error messages. */
data/direwolf-1.5+dfsg/pfilter.c:550:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/pfilter.c:580:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/pfilter.c:587:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[100];
data/direwolf-1.5+dfsg/pfilter.c:591:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (path, "no digipeater path");
data/direwolf-1.5+dfsg/pfilter.c:608:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/pfilter.c:615:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[100];
data/direwolf-1.5+dfsg/pfilter.c:619:8: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (path, "no digipeater path");
data/direwolf-1.5+dfsg/pfilter.c:653:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/pfilter.c:690:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdist[30];
data/direwolf-1.5+dfsg/pfilter.c:691:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (sdist, "unknown distance");
data/direwolf-1.5+dfsg/pfilter.c:743:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[80];
data/direwolf-1.5+dfsg/pfilter.c:786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_TOKEN_LEN];
data/direwolf-1.5+dfsg/pfilter.c:788:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep[2];
data/direwolf-1.5+dfsg/pfilter.c:862:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/pfilter.c:1020:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_TOKEN_LEN];
data/direwolf-1.5+dfsg/pfilter.c:1022:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep[2];
data/direwolf-1.5+dfsg/pfilter.c:1059:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sdist, "%.2f km", km);
data/direwolf-1.5+dfsg/pfilter.c:1137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_TOKEN_LEN];
data/direwolf-1.5+dfsg/pfilter.c:1139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep[2]; // Delimiter character. Typically / but it could be different.
data/direwolf-1.5+dfsg/pfilter.c:1328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[MAX_TOKEN_LEN];
data/direwolf-1.5+dfsg/pfilter.c:1330:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sep[2];
data/direwolf-1.5+dfsg/pfilter.c:1343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/pfilter.c:1360:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
heardtime = atoi(v);
data/direwolf-1.5+dfsg/pfilter.c:1371:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
maxhops = atoi(v);
data/direwolf-1.5+dfsg/pfilter.c:1497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intro[50];
data/direwolf-1.5+dfsg/ptt.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[80];
data/direwolf-1.5+dfsg/ptt.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpio_direction_path[80];
data/direwolf-1.5+dfsg/ptt.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpio_value_path[80];
data/direwolf-1.5+dfsg/ptt.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[16];
data/direwolf-1.5+dfsg/ptt.c:441:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(gpio_export_path, O_WRONLY);
data/direwolf-1.5+dfsg/ptt.c:522:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lookfor[16];
data/direwolf-1.5+dfsg/ptt.c:575:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(gpio_direction_path, O_WRONLY);
data/direwolf-1.5+dfsg/ptt.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpio_val[8];
data/direwolf-1.5+dfsg/ptt.c:674:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char otnames[NUM_OCTYPES][8];
data/direwolf-1.5+dfsg/ptt.c:741:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi (audio_config_p->achan[ch].octrl[ot].ptt_device + 3);
data/direwolf-1.5+dfsg/ptt.c:772:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bettername[50];
data/direwolf-1.5+dfsg/ptt.c:779:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(bettername+3);
data/direwolf-1.5+dfsg/ptt.c:793:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (audio_config_p->achan[ch].octrl[ot].ptt_device, O_RDONLY | O_NONBLOCK);
data/direwolf-1.5+dfsg/ptt.c:925:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/port", O_RDWR | O_NDELAY);
data/direwolf-1.5+dfsg/ptt.c:1192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpio_value_path[80];
data/direwolf-1.5+dfsg/ptt.c:1193:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[16];
data/direwolf-1.5+dfsg/ptt.c:1197:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(gpio_value_path, O_WRONLY);
data/direwolf-1.5+dfsg/ptt.c:1327:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gpio_value_path[80];
data/direwolf-1.5+dfsg/ptt.c:1333:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(gpio_value_path, O_RDONLY);
data/direwolf-1.5+dfsg/ptt.c:1342:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vtemp[2];
data/direwolf-1.5+dfsg/ptt.c:1352:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(vtemp) != save_audio_config_p->achan[chan].ictrl[it].invert) {
data/direwolf-1.5+dfsg/regex/regcomp.c:382:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/direwolf-1.5+dfsg/regex/regcomp.c:538:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (errbuf, msg, errbuf_size - 1);
data/direwolf-1.5+dfsg/regex/regcomp.c:543:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (errbuf, msg, msg_size);
data/direwolf-1.5+dfsg/regex/regcomp.c:2586:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t cmp_buf[6] = {L'\0', L'\0', L'\0', L'\0', L'\0', L'\0'};
data/direwolf-1.5+dfsg/regex/regcomp.c:3042:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char start_name_buf[BRACKET_NAME_BUF_SIZE];
data/direwolf-1.5+dfsg/regex/regcomp.c:3043:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char end_name_buf[BRACKET_NAME_BUF_SIZE];
data/direwolf-1.5+dfsg/regex/regcomp.c:3361:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char char_buf[2];
data/direwolf-1.5+dfsg/regex/regex.h:566:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *__restrict __string, size_t __nmatch,
data/direwolf-1.5+dfsg/regex/regex_internal.c:199:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MB_LEN_MAX];
data/direwolf-1.5+dfsg/regex/regex_internal.c:202:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/direwolf-1.5+dfsg/regex/regex_internal.c:270:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MB_LEN_MAX];
data/direwolf-1.5+dfsg/regex/regex_internal.c:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/direwolf-1.5+dfsg/regex/regex_internal.c:315:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pstr->mbs + byte_idx, buf, mbclen);
data/direwolf-1.5+dfsg/regex/regex_internal.c:323:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pstr->mbs + byte_idx,
data/direwolf-1.5+dfsg/regex/regex_internal.c:383:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pstr->mbs + byte_idx, buf, mbclen);
data/direwolf-1.5+dfsg/regex/regex_internal.c:408:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pstr->mbs + byte_idx, buf, mbcdlen);
data/direwolf-1.5+dfsg/regex/regex_internal.c:427:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pstr->mbs + byte_idx, p, mbclen);
data/direwolf-1.5+dfsg/regex/regex_internal.c:430:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pstr->mbs + byte_idx, p, mbclen);
data/direwolf-1.5+dfsg/regex/regex_internal.c:723:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6];
data/direwolf-1.5+dfsg/regex/regex_internal.c:1025:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->elems, src->elems, src->nelem * sizeof (int));
data/direwolf-1.5+dfsg/regex/regex_internal.c:1119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->elems, dest->elems + sbase, delta * sizeof (int));
data/direwolf-1.5+dfsg/regex/regex_internal.c:1163:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->elems + id, src1->elems + i1,
data/direwolf-1.5+dfsg/regex/regex_internal.c:1169:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->elems + id, src2->elems + i2,
data/direwolf-1.5+dfsg/regex/regex_internal.c:1200:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->elems, src->elems, src->nelem * sizeof (int));
data/direwolf-1.5+dfsg/regex/regex_internal.c:1221:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->elems + sbase, src->elems, (is + 1) * sizeof (int));
data/direwolf-1.5+dfsg/regex/regex_internal.c:1249:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest->elems, dest->elems + sbase,
data/direwolf-1.5+dfsg/regex/regex_internal.h:155:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define bitset_copy(dest,src) memcpy (dest, src, sizeof (bitset_t))
data/direwolf-1.5+dfsg/regex/regexec.c:400:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (__mempcpy (s, string1, length1), string2, length2);
data/direwolf-1.5+dfsg/regex/regexec.c:402:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s, string1, length1);
data/direwolf-1.5+dfsg/regex/regexec.c:403:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s + length1, string2, length2);
data/direwolf-1.5+dfsg/regex/regexec.c:1377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fs->stack[num].regs, regs, sizeof (regmatch_t) * nregs);
data/direwolf-1.5+dfsg/regex/regexec.c:1390:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (regs, fs->stack[num].regs, sizeof (regmatch_t) * nregs);
data/direwolf-1.5+dfsg/regex/regexec.c:1444:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (prev_idx_match, pmatch, sizeof (regmatch_t) * nmatch);
data/direwolf-1.5+dfsg/regex/regexec.c:1554:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (prev_idx_match, pmatch, sizeof (regmatch_t) * nmatch);
data/direwolf-1.5+dfsg/regex/regexec.c:1565:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pmatch, prev_idx_match, sizeof (regmatch_t) * nmatch);
data/direwolf-1.5+dfsg/rpack.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[3]; // Total size should be 24 bytes if no gaps.
data/direwolf-1.5+dfsg/rpack.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[24];
data/direwolf-1.5+dfsg/rrbb.h:42:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fdata[MAX_NUM_BITS];
data/direwolf-1.5+dfsg/serial_port.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bettername[50];
data/direwolf-1.5+dfsg/serial_port.c:109:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(devicename+3);
data/direwolf-1.5+dfsg/serial_port.c:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linuxname[50];
data/direwolf-1.5+dfsg/serial_port.c:207:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi (devicename + 3);
data/direwolf-1.5+dfsg/serial_port.c:215:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (linuxname, O_RDWR);
data/direwolf-1.5+dfsg/server.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_from[10];
data/direwolf-1.5+dfsg/server.c:262:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_to[10];
data/direwolf-1.5+dfsg/server.c:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char direction [10];
data/direwolf-1.5+dfsg/server.c:324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datakind[80];
data/direwolf-1.5+dfsg/server.c:325:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *prefix [2] = { "<<<", ">>>" };
data/direwolf-1.5+dfsg/server.c:537:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server_port_str[12];
data/direwolf-1.5+dfsg/server.c:783:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1+AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/server.c:814:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (agwpe_msg.data + 1, fbuf, (size_t)flen);
data/direwolf-1.5+dfsg/server.c:893:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char via[AX25_MAX_REPEATERS*(AX25_MAX_ADDR_LEN+1)];
data/direwolf-1.5+dfsg/server.c:894:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[AX25_MAX_ADDR_LEN+1];
data/direwolf-1.5+dfsg/server.c:981:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[100];
data/direwolf-1.5+dfsg/server.c:1039:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[100];
data/direwolf-1.5+dfsg/server.c:1092:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[AX25_MAX_INFO_LEN]; // I suppose there is potential for something larger.
data/direwolf-1.5+dfsg/server.c:1116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (reply.info, data_ptr, data_len);
data/direwolf-1.5+dfsg/server.c:1223:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[512]; /* Additional data used by some commands. */
data/direwolf-1.5+dfsg/server.c:1365:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[200];
data/direwolf-1.5+dfsg/server.c:1397:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[100];
data/direwolf-1.5+dfsg/server.c:1400:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *names[8] = { "first", "second", "third", "fourth", "fifth", "sixth", "seventh", "eighth" };
data/direwolf-1.5+dfsg/server.c:1484:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[100];
data/direwolf-1.5+dfsg/server.c:1532:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[AX25_MAX_PACKET_LEN+2];
data/direwolf-1.5+dfsg/server.c:1695:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dcall[7][10];
data/direwolf-1.5+dfsg/server.c:1708:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsigns[AX25_MAX_ADDRS][AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/server.c:1751:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsigns[2][AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/server.c:1765:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsigns[2][AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/server.c:1822:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/server.c:1880:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/server.c:1881:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/sock.c:163:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sock_connect (char *hostname, char *port, char *description, int allow_ipv6, int debug, char ipaddr_str[SOCK_IPADDR_LEN])
data/direwolf-1.5+dfsg/sock.c:163:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sock_connect (char *hostname, char *port, char *description, int allow_ipv6, int debug, char ipaddr_str[SOCK_IPADDR_LEN])
data/direwolf-1.5+dfsg/sock.c:163:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sock_connect (char *hostname, char *port, char *description, int allow_ipv6, int debug, char ipaddr_str[SOCK_IPADDR_LEN])
data/direwolf-1.5+dfsg/sock.c:163:93: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int sock_connect (char *hostname, char *port, char *description, int allow_ipv6, int debug, char ipaddr_str[SOCK_IPADDR_LEN])
data/direwolf-1.5+dfsg/symbols.c:57:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xy[3];
data/direwolf-1.5+dfsg/symbols.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xy[3];
data/direwolf-1.5+dfsg/symbols.c:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[NEW_SYM_DESC_LEN+1];
data/direwolf-1.5+dfsg/symbols.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stuff[200];
data/direwolf-1.5+dfsg/symbols.c:368:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(search_locations[j++], "r");
data/direwolf-1.5+dfsg/symbols.c:469:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tones[12];
data/direwolf-1.5+dfsg/symbols.c:538:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char ssid_to_sym[16] = {
data/direwolf-1.5+dfsg/symbols.c:576:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nn = atoi(dest+4);
data/direwolf-1.5+dfsg/symbols.c:592:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nn = atoi(dest+4);
data/direwolf-1.5+dfsg/symbols.c:609:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xy[3];
data/direwolf-1.5+dfsg/symbols.c:635:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xy[3];
data/direwolf-1.5+dfsg/symbols.c:667:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ssid = atoi(p+1);
data/direwolf-1.5+dfsg/symbols.c:752:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp2[2];
data/direwolf-1.5+dfsg/symbols.c:933:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[2];
data/direwolf-1.5+dfsg/symbols.c:934:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tt[8];
data/direwolf-1.5+dfsg/symbols.c:962:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[8];
data/direwolf-1.5+dfsg/symbols.c:963:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char description[50];
data/direwolf-1.5+dfsg/telemetry.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char station[AX25_MAX_ADDR_LEN]; /* Station name with optional SSID. */
data/direwolf-1.5+dfsg/telemetry.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char project[40]; /* Description for data. */
data/direwolf-1.5+dfsg/telemetry.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[T_NUM_ANALOG+T_NUM_DIGITAL][T_STR_LEN];
data/direwolf-1.5+dfsg/telemetry.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unit[T_NUM_ANALOG+T_NUM_DIGITAL][T_STR_LEN];
data/direwolf-1.5+dfsg/telemetry.c:267:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/telemetry.c:333:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seq = atoi(p);
data/direwolf-1.5+dfsg/telemetry.c:572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/telemetry.c:651:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/telemetry.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/telemetry.c:924:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void fval_to_str (float x, int ndp, char str[VAL_STR_SIZE])
data/direwolf-1.5+dfsg/telemetry.c:934:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void ival_to_str (int x, char str[VAL_STR_SIZE])
data/direwolf-1.5+dfsg/telemetry.c:947:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val_str[VAL_STR_SIZE];
data/direwolf-1.5+dfsg/telemetry.c:1064:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[120];
data/direwolf-1.5+dfsg/telemetry.c:1065:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[40];
data/direwolf-1.5+dfsg/textcolor.c:362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BSIZE];
data/direwolf-1.5+dfsg/tq.c:966:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame_source[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/tq.c:971:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frame_dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/tt_text.c:98:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char translate[10][4] = {
data/direwolf-1.5+dfsg/tt_text.c:126:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char call10encoding[10][4] = {
data/direwolf-1.5+dfsg/tt_text.c:145:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char grid[10][10][3] =
data/direwolf-1.5+dfsg/tt_text.c:395:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int tt_letter_to_two_digits (char c, int quiet, char buttons[3])
data/direwolf-1.5+dfsg/tt_text.c:395:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int tt_letter_to_two_digits (char c, int quiet, char buttons[3])
data/direwolf-1.5+dfsg/tt_text.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padded[8];
data/direwolf-1.5+dfsg/tt_text.c:471:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[11];
data/direwolf-1.5+dfsg/tt_text.c:578:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uc[3];
data/direwolf-1.5+dfsg/tt_text.c:630:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char btemp[8];
data/direwolf-1.5+dfsg/tt_text.c:936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp2[2];
data/direwolf-1.5+dfsg/tt_text.c:1039:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
packed = atoi(buttons+6);
data/direwolf-1.5+dfsg/tt_text.c:1138:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
packed = atoi(buttons+3);
data/direwolf-1.5+dfsg/tt_text.c:1261:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2[2];
data/direwolf-1.5+dfsg/tt_text.c:1275:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d3[3];
data/direwolf-1.5+dfsg/tt_text.c:1360:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b3[3];
data/direwolf-1.5+dfsg/tt_text.c:1370:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b3[3];
data/direwolf-1.5+dfsg/tt_text.c:1528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[256];
data/direwolf-1.5+dfsg/tt_text.c:1594:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1000], buttons[2000];
data/direwolf-1.5+dfsg/tt_text.c:1662:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttons[2000], text[1000];
data/direwolf-1.5+dfsg/tt_text.c:1735:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buttons[100];
data/direwolf-1.5+dfsg/tt_text.c:1758:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[100];
data/direwolf-1.5+dfsg/tt_user.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char callsign[MAX_CALLSIGN_LEN+1]; /* Callsign of station heard. */
data/direwolf-1.5+dfsg/tt_user.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digit_suffix[3+1]; /* Suffix abbreviation as 3 digits. */
data/direwolf-1.5+dfsg/tt_user.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char loc_text[24]; /* Text representation of location when a single */
data/direwolf-1.5+dfsg/tt_user.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char freq[12]; /* Frequency in format 999.999MHz */
data/direwolf-1.5+dfsg/tt_user.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctcss[5]; /* CTCSS tone. Exactly 3 digits for integer part. */
data/direwolf-1.5+dfsg/tt_user.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[MAX_COMMENT_LEN+1]; /* Free form comment from user. */
data/direwolf-1.5+dfsg/tt_user.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dao[8]; /* Enhanced position information. */
data/direwolf-1.5+dfsg/tt_user.c:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char etemp[1000];
data/direwolf-1.5+dfsg/tt_user.c:434:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char two_key[50];
data/direwolf-1.5+dfsg/tt_user.c:722:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char object_name[20]; // xxxxxxxxx or xxxxxx-nn
data/direwolf-1.5+dfsg/tt_user.c:723:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info_comment[200]; // usercomment [locationtext] /status !DAO!
data/direwolf-1.5+dfsg/tt_user.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char object_info[250]; // info part of Object Report packet
data/direwolf-1.5+dfsg/tt_user.c:725:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[300]; // src>dest,path:object_info
data/direwolf-1.5+dfsg/tt_user.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c4[4];
data/direwolf-1.5+dfsg/tt_user.c:745:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp8[8];
data/direwolf-1.5+dfsg/tt_user.c:891:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fbuf[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/tt_user.c:931:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *letters[26] = {
data/direwolf-1.5+dfsg/tt_user.c:960:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *digits[10] = {
data/direwolf-1.5+dfsg/tt_user.c:990:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[256];
data/direwolf-1.5+dfsg/tt_user.c:991:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2[2];
data/direwolf-1.5+dfsg/ttcalc.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_from[10];
data/direwolf-1.5+dfsg/ttcalc.c:82:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char call_to[10];
data/direwolf-1.5+dfsg/ttcalc.c:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1024];
data/direwolf-1.5+dfsg/ttcalc.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[30] = "localhost";
data/direwolf-1.5+dfsg/ttcalc.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[10] = "8000";
data/direwolf-1.5+dfsg/ttcalc.c:179:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[400];
data/direwolf-1.5+dfsg/ttcalc.c:205:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reply_text[200];
data/direwolf-1.5+dfsg/ttcalc.c:210:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char frame[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/ttcalc.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr_str[46]; /* text form of IP address */
data/direwolf-1.5+dfsg/utm2ll.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szone[100];
data/direwolf-1.5+dfsg/utm2ll.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[300];
data/direwolf-1.5+dfsg/walk96.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/direwolf-1.5+dfsg/walk96.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[50];
data/direwolf-1.5+dfsg/walk96.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[AX25_MAX_INFO_LEN];
data/direwolf-1.5+dfsg/walk96.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char position_report[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/walk96.c:172:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ax25_frame[AX25_MAX_PACKET_LEN];
data/direwolf-1.5+dfsg/walk96.c:192:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kiss_frame[AX25_MAX_PACKET_LEN*2];
data/direwolf-1.5+dfsg/waypoint.c:186:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, "*%02X", cs & 0xff);
data/direwolf-1.5+dfsg/waypoint.c:237:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wname[12]; /* Waypoint name. Any , or * removed. */
data/direwolf-1.5+dfsg/waypoint.c:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slat[12]; /* DDMM.mmmm */
data/direwolf-1.5+dfsg/waypoint.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slat_ns[2]; /* N or S */
data/direwolf-1.5+dfsg/waypoint.c:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slong[12]; /* DDDMM.mmmm */
data/direwolf-1.5+dfsg/waypoint.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char slong_ew[2]; /* E or W */
data/direwolf-1.5+dfsg/waypoint.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wcomment[256]; /* Comment. Any , or * removed. */
data/direwolf-1.5+dfsg/waypoint.c:243:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[12]; /* altitude as string, empty if unknown */
data/direwolf-1.5+dfsg/waypoint.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sspeed[12]; /* speed as string, empty if unknown */
data/direwolf-1.5+dfsg/waypoint.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scourse[12]; /* course as string, empty if unknown */
data/direwolf-1.5+dfsg/waypoint.c:248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sentence[500];
data/direwolf-1.5+dfsg/waypoint.c:409:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sicon[3]; /* Magellan icon string. Currently 1 or 2 characters. */
data/direwolf-1.5+dfsg/waypoint.c:522:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stime[8];
data/direwolf-1.5+dfsg/waypoint.c:523:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sdate[8];
data/direwolf-1.5+dfsg/waypoint.c:593:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char final[256];
data/direwolf-1.5+dfsg/xid.c:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[64];
data/direwolf-1.5+dfsg/xid.c:607:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char example[27] = {
data/direwolf-1.5+dfsg/xid.c:653:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[40]; // Currently max of 27 but things can change.
data/direwolf-1.5+dfsg/xid.c:654:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[150]; // I've seen 109.
data/direwolf-1.5+dfsg/xmit.c:431:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dest[AX25_MAX_ADDR_LEN];
data/direwolf-1.5+dfsg/xmit.c:619:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[1024]; /* max size needed? */
data/direwolf-1.5+dfsg/xmit.c:950:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char fbuf[AX25_MAX_PACKET_LEN+2];
data/direwolf-1.5+dfsg/xmit.c:952:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stemp[1024]; /* max size needed? */
data/direwolf-1.5+dfsg/xmit.c:980:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[100]; // optional time stamp.
data/direwolf-1.5+dfsg/xmit.c:983:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstmp[100];
data/direwolf-1.5+dfsg/xmit.c:1003:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[80];
data/direwolf-1.5+dfsg/xmit.c:1014:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info2text[150];
data/direwolf-1.5+dfsg/xmit.c:1097:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[100]; // optional time stamp.
data/direwolf-1.5+dfsg/xmit.c:1100:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstmp[100];
data/direwolf-1.5+dfsg/xmit.c:1150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2000];
data/direwolf-1.5+dfsg/xmit.c:1152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[2000];
data/direwolf-1.5+dfsg/xmit.c:1174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[1000];
data/direwolf-1.5+dfsg/xmit.c:1175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[3000];
data/direwolf-1.5+dfsg/xmit.c:1224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[100]; // optional time stamp.
data/direwolf-1.5+dfsg/xmit.c:1227:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstmp[100];
data/direwolf-1.5+dfsg/xmit.c:1296:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ts[100]; // optional time stamp.
data/direwolf-1.5+dfsg/xmit.c:1299:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstmp[100];
data/direwolf-1.5+dfsg/aclients.c:151:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert (strlen(pStringBuf) < StringBufSize);
data/direwolf-1.5+dfsg/aclients.c:617:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(result);
data/direwolf-1.5+dfsg/aclients.c:789:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( ( n = read(fd, & ch, 1)) < 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:411:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (err == 0 && strlen(tt_config.ttcmd) > 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:430:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(script_response) > 0) ? script_response : tt_config.response[err].mtext);
data/direwolf-1.5+dfsg/aprs_tt.c:757:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(e);
data/direwolf-1.5+dfsg/aprs_tt.c:782:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (m_callsign, e+1, 3);
data/direwolf-1.5+dfsg/aprs_tt.c:813:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tttemp, e+1, len-4);
data/direwolf-1.5+dfsg/aprs_tt.c:825:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (tttemp, e+1, len-3);
data/direwolf-1.5+dfsg/aprs_tt.c:874:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(e);
data/direwolf-1.5+dfsg/aprs_tt.c:941:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(e);
data/direwolf-1.5+dfsg/aprs_tt.c:1021:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(e) == 2+10) {
data/direwolf-1.5+dfsg/aprs_tt.c:1031:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(e) == 2+5) {
data/direwolf-1.5+dfsg/aprs_tt.c:1150:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(e) == 3) { /* probably B0n --> !Tn ! */
data/direwolf-1.5+dfsg/aprs_tt.c:1154:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(e) == 4) { /* probably B9nn --> !Tnn! */
data/direwolf-1.5+dfsg/aprs_tt.c:1162:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bstr) != 3) {
data/direwolf-1.5+dfsg/aprs_tt.c:1167:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dstr) < 1) {
data/direwolf-1.5+dfsg/aprs_tt.c:1194:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(xstr) == 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:1199:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ystr) == 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:1208:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_latitude = lat0 + y * (lat9-lat0) / (pow(10., strlen(ystr)) - 1.);
data/direwolf-1.5+dfsg/aprs_tt.c:1213:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_longitude = lon0 + x * (lon9-lon0) / (pow(10., strlen(xstr)) - 1.);
data/direwolf-1.5+dfsg/aprs_tt.c:1222:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(xstr) == 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:1228:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ystr) == 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:1277:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(xstr) == 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:1283:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ystr) == 0) {
data/direwolf-1.5+dfsg/aprs_tt.c:1334:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) != 4 && strlen(stemp) != 6 && strlen(stemp) != 10 && strlen(stemp) != 12) {
data/direwolf-1.5+dfsg/aprs_tt.c:1334:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) != 4 && strlen(stemp) != 6 && strlen(stemp) != 10 && strlen(stemp) != 12) {
data/direwolf-1.5+dfsg/aprs_tt.c:1334:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) != 4 && strlen(stemp) != 6 && strlen(stemp) != 10 && strlen(stemp) != 12) {
data/direwolf-1.5+dfsg/aprs_tt.c:1334:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) != 4 && strlen(stemp) != 6 && strlen(stemp) != 10 && strlen(stemp) != 12) {
data/direwolf-1.5+dfsg/aprs_tt.c:1360:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(xstr) != 4) {
data/direwolf-1.5+dfsg/aprs_tt.c:1382:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(xstr) != 1) {
data/direwolf-1.5+dfsg/aprs_tt.c:1448:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(tt_config.ttloc_ptr[ipat].pattern);
data/direwolf-1.5+dfsg/aprs_tt.c:1450:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)(strlen(e)) == len) {
data/direwolf-1.5+dfsg/aprs_tt.c:1601:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(e);
data/direwolf-1.5+dfsg/aprs_tt.c:1766:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pr = result + strlen(result);
data/direwolf-1.5+dfsg/aprs_tt.c:1767:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
remaining = (int)resultsiz - strlen(result);
data/direwolf-1.5+dfsg/aprs_tt.c:1790:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pr = result + strlen(result) - 1;
data/direwolf-1.5+dfsg/aprs_tt.c:1801:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(result));
data/direwolf-1.5+dfsg/atest.c:614:7: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = getc(fp);
data/direwolf-1.5+dfsg/audio.c:980:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read (adev[a].oss_audio_device_fd, adev[a].inbuf_ptr, adev[a].inbuf_size_in_bytes);
data/direwolf-1.5+dfsg/audio.c:1055:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(STDIN_FILENO, adev[a].inbuf_ptr, (size_t)adev[a].inbuf_size_in_bytes);
data/direwolf-1.5+dfsg/audio.c:1264:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (10000);
data/direwolf-1.5+dfsg/audio_portaudio.c:1083:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(STDIN_FILENO, adev[a].inbuf_ptr, (size_t)adev[a].inbuf_size_in_bytes);
data/direwolf-1.5+dfsg/audio_win.c:319:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pa->adev[a].adevice_in) == 1 && isdigit(pa->adev[a].adevice_in[0])) {
data/direwolf-1.5+dfsg/audio_win.c:322:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(pa->adev[a].adevice_in) == 2 && isdigit(pa->adev[a].adevice_in[0]) && isdigit(pa->adev[a].adevice_in[1])) {
data/direwolf-1.5+dfsg/audio_win.c:328:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((UINT)(in_dev_no[a]) == WAVE_MAPPER && strlen(pa->adev[a].adevice_in) >= 1) {
data/direwolf-1.5+dfsg/audio_win.c:349:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pa->adev[a].adevice_out) == 1 && isdigit(pa->adev[a].adevice_out[0])) {
data/direwolf-1.5+dfsg/audio_win.c:352:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(pa->adev[a].adevice_out) == 2 && isdigit(pa->adev[a].adevice_out[0]) && isdigit(pa->adev[a].adevice_out[1])) {
data/direwolf-1.5+dfsg/audio_win.c:356:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((UINT)(out_dev_no[a]) == WAVE_MAPPER && strlen(pa->adev[a].adevice_out) >= 1) {
data/direwolf-1.5+dfsg/audio_win.c:888:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res = read(STDIN_FILENO, A->stream_data, 1024);
data/direwolf-1.5+dfsg/ax25_link.c:4949:116: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pp = ax25_u_frame (S->addrs, S->num_addr, cmd, frame_type_U_TEST, p, nopid, (unsigned char *)info, (int)strlen(info));
data/direwolf-1.5+dfsg/ax25_pad.c:538:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pinfo) >= 6 &&
data/direwolf-1.5+dfsg/ax25_pad.c:755:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strict && strlen(in_addr) >= 2 && strncmp(in_addr, "qA", 2) == 0) {
data/direwolf-1.5+dfsg/ax25_pad.c:1900:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (result, ">");
data/direwolf-1.5+dfsg/ax25_pad.c:1909:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (result, ",");
data/direwolf-1.5+dfsg/ax25_pad.c:1912:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (result, "*");
data/direwolf-1.5+dfsg/ax25_pad.c:1916:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (result, ":");
data/direwolf-1.5+dfsg/ax25_pad.c:2109:56: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else { *cr = cr_cmd; strcpy(cr_text,"cmd"); strcpy(pf_text,"p"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2112:56: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if (src_c) { *cr = cr_res; strcpy(cr_text,"res"); strcpy(pf_text,"f"); }
data/direwolf-1.5+dfsg/ax25_pad.c:2609:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crc = crc16((unsigned char *)src, strlen(src), crc);
data/direwolf-1.5+dfsg/ax25_pad.c:2610:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
crc = crc16((unsigned char *)dest, strlen(dest), crc);
data/direwolf-1.5+dfsg/ax25_pad.c:2709:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pstr);
data/direwolf-1.5+dfsg/ax25_pad2.c:893:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
info_len = strlen((char*)pinfo);
data/direwolf-1.5+dfsg/beacon.c:182:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_modem_config_p->achan[chan].mycall) > 0 &&
data/direwolf-1.5+dfsg/beacon.c:192:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_misc_config_p->beacon[j].objname) == 0) {
data/direwolf-1.5+dfsg/beacon.c:244:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_igate_config_p->t2_server_name) == 0 ||
data/direwolf-1.5+dfsg/beacon.c:245:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(g_igate_config_p->t2_login) == 0 ||
data/direwolf-1.5+dfsg/beacon.c:246:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(g_igate_config_p->t2_passcode) == 0) {
data/direwolf-1.5+dfsg/beacon.c:775:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mycall) == 0 || strcmp(mycall, "NOCALL") == 0) {
data/direwolf-1.5+dfsg/beacon.c:989:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(beacon_text) == 0) {
data/direwolf-1.5+dfsg/cm108.c:206:52: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define SAFE_STRCPY(to,from) { if (from != NULL) { strncpy(to,from,sizeof(to)); to[sizeof(to)-1] = '\0'; } }
data/direwolf-1.5+dfsg/config.c:154:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) == 0) return (0);
data/direwolf-1.5+dfsg/config.c:167:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) == 0) return (0);
data/direwolf-1.5+dfsg/config.c:225:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) >= 2) {
data/direwolf-1.5+dfsg/config.c:226:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endptr = stemp + strlen(stemp) - 1;
data/direwolf-1.5+dfsg/config.c:514:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(via_path) == 0) {
data/direwolf-1.5+dfsg/config.c:541:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ssid > 0 && strlen(addr) >= 2 && isdigit(addr[strlen(addr)-1])) {
data/direwolf-1.5+dfsg/config.c:541:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ssid > 0 && strlen(addr) >= 2 && isdigit(addr[strlen(addr)-1])) {
data/direwolf-1.5+dfsg/config.c:998:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(t) >= 8) {
data/direwolf-1.5+dfsg/config.c:1239:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(p_audio_config->achan[c].mycall) == 0 ||
data/direwolf-1.5+dfsg/config.c:1408:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p_audio_config->achan[channel].profiles) > 1 && t != NULL) {
data/direwolf-1.5+dfsg/config.c:1790:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (p_audio_config->achan[channel].octrl[ot].ptt_device, "");
data/direwolf-1.5+dfsg/config.c:1825:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p_audio_config->achan[channel].octrl[ot].ptt_device) == 0) {
data/direwolf-1.5+dfsg/config.c:2684:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=1; j<(int)(strlen(t)); j++) {
data/direwolf-1.5+dfsg/config.c:2767:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=1; j<(int)(strlen(t)); j++) {
data/direwolf-1.5+dfsg/config.c:2878:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=1; j<(int)(strlen(t)); j++) {
data/direwolf-1.5+dfsg/config.c:2982:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=1; j < (int)(strlen(t)); j++) {
data/direwolf-1.5+dfsg/config.c:3101:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=1; j<(int)(strlen(t)); j++) {
data/direwolf-1.5+dfsg/config.c:3220:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = j ; k < (int)(strlen(t)); k++) {
data/direwolf-1.5+dfsg/config.c:3240:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!alldigits(t) || (strlen(t) != 4 && strlen(t) != 6 && strlen(t) != 10)) {
data/direwolf-1.5+dfsg/config.c:3240:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!alldigits(t) || (strlen(t) != 4 && strlen(t) != 6 && strlen(t) != 10)) {
data/direwolf-1.5+dfsg/config.c:3240:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!alldigits(t) || (strlen(t) != 4 && strlen(t) != 6 && strlen(t) != 10)) {
data/direwolf-1.5+dfsg/config.c:3254:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(tl->mhead.prefix) + count_x;
data/direwolf-1.5+dfsg/config.c:3477:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=0; j<(int)(strlen(t)); j++) {
data/direwolf-1.5+dfsg/config.c:3564:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) > 9) {
data/direwolf-1.5+dfsg/config.c:3674:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j=0; j<(int)(strlen(otemp)); j++) {
data/direwolf-1.5+dfsg/config.c:4102:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (t != NULL && strlen(t) > 0) {
data/direwolf-1.5+dfsg/config.c:4297:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p_misc_config->kiss_serial_port) > 0) {
data/direwolf-1.5+dfsg/config.c:4325:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p_misc_config->kiss_serial_port) > 0) {
data/direwolf-1.5+dfsg/config.c:4451:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p_misc_config->log_path) > 0) {
data/direwolf-1.5+dfsg/config.c:4476:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p_misc_config->log_path) > 0) {
data/direwolf-1.5+dfsg/config.c:4543:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (beacon_options(t + strlen("xBEACON") + 1, &(p_misc_config->beacon[p_misc_config->num_beacons]), line, p_audio_config)) {
data/direwolf-1.5+dfsg/config.c:4935:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p_audio_config->achan[i].valid && strlen(p_igate_config->t2_login) > 0) {
data/direwolf-1.5+dfsg/config.c:4960:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p_audio_config->achan[j].valid && strlen(p_igate_config->t2_login) > 0) {
data/direwolf-1.5+dfsg/config.c:5087:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(b->dest) > 9) {
data/direwolf-1.5+dfsg/config.c:5156:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) == 1 && (isupper(value[0]) || isdigit(value[0]))) {
data/direwolf-1.5+dfsg/config.c:5218:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(zone) > 0 || easting != G_UNKNOWN || northing != G_UNKNOWN) {
data/direwolf-1.5+dfsg/config.c:5220:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(zone) > 0 && easting != G_UNKNOWN && northing != G_UNKNOWN) {
data/direwolf-1.5+dfsg/config.c:5252:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp_symbol) > 0) {
data/direwolf-1.5+dfsg/config.c:5254:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(temp_symbol) == 2 &&
data/direwolf-1.5+dfsg/decode_aprs.c:219:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( ! A->g_quiet ) && ( (int)strlen((char*)pinfo) != info_len) ) {
data/direwolf-1.5+dfsg/decode_aprs.c:420:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(A->g_name) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:432:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(A->g_mfr) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:437:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(A->g_mic_e_status) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:482:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(A->g_maidenhead) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:537:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(A->g_aprstt_loc) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:538:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) > 0) strlcat (stemp, ", ", sizeof(stemp));
data/direwolf-1.5+dfsg/decode_aprs.c:545:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) > 0) strlcat (stemp, ", ", sizeof(stemp));
data/direwolf-1.5+dfsg/decode_aprs.c:553:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) > 0) strlcat (stemp, ", ", sizeof(stemp));
data/direwolf-1.5+dfsg/decode_aprs.c:561:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stemp) > 0) strlcat (stemp, ", ", sizeof(stemp));
data/direwolf-1.5+dfsg/decode_aprs.c:605:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (stemp) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:620:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(A->g_weather);
data/direwolf-1.5+dfsg/decode_aprs.c:635:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(A->g_telemetry) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:641:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(A->g_comment);
data/direwolf-1.5+dfsg/decode_aprs.c:1532:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(addressee) - 1;
data/direwolf-1.5+dfsg/decode_aprs.c:1675:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(A->g_name) - 1;
data/direwolf-1.5+dfsg/decode_aprs.c:2041:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(A->g_comment) >= 3) {
data/direwolf-1.5+dfsg/decode_aprs.c:2042:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *hp = A->g_comment + strlen(A->g_comment) - 3;
data/direwolf-1.5+dfsg/decode_aprs.c:2146:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) == 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:2729:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(A->g_weather);
data/direwolf-1.5+dfsg/decode_aprs.c:2734:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(A->g_weather);
data/direwolf-1.5+dfsg/decode_aprs.c:3599:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pdext) < 7) {
data/direwolf-1.5+dfsg/decode_aprs.c:3808:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = stuff + strlen(stuff) - 1;
data/direwolf-1.5+dfsg/decode_aprs.c:3829:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tocalls[num_tocalls].prefix) > 2) {
data/direwolf-1.5+dfsg/decode_aprs.c:3831:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tocalls[num_tocalls].len = strlen(tocalls[num_tocalls].prefix);
data/direwolf-1.5+dfsg/decode_aprs.c:3853:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tocalls[num_tocalls].prefix) > 2) {
data/direwolf-1.5+dfsg/decode_aprs.c:3855:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tocalls[num_tocalls].len = strlen(tocalls[num_tocalls].prefix);
data/direwolf-1.5+dfsg/decode_aprs.c:4180:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = strlen(pstart);
data/direwolf-1.5+dfsg/decode_aprs.c:4255:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(A->g_name) > 0) {
data/direwolf-1.5+dfsg/decode_aprs.c:4756:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = stuff + strlen(stuff) - 1;
data/direwolf-1.5+dfsg/decode_aprs.c:4761:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(stuff) == 0 || stuff[0] == '#')
data/direwolf-1.5+dfsg/demod.c:187:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert (num_letters == (int)(strlen(just_letters)));
data/direwolf-1.5+dfsg/demod.c:225:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert (num_letters == (int)(strlen(just_letters)));
data/direwolf-1.5+dfsg/demod.c:240:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert (strlen(save_audio_config_p->achan[chan].profiles) >= 1);
data/direwolf-1.5+dfsg/demod.c:525:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save_audio_config_p->achan[chan].profiles) == 0) {
data/direwolf-1.5+dfsg/demod.c:532:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
save_audio_config_p->achan[chan].num_subchan = strlen(save_audio_config_p->achan[chan].profiles);
data/direwolf-1.5+dfsg/demod.c:579:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save_audio_config_p->achan[chan].profiles) == 0) {
data/direwolf-1.5+dfsg/demod.c:586:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
save_audio_config_p->achan[chan].num_subchan = strlen(save_audio_config_p->achan[chan].profiles);
data/direwolf-1.5+dfsg/direwolf.c:666:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(P_opt) > 0) {
data/direwolf-1.5+dfsg/direwolf.c:685:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(l_opt_logdir) > 0 && strlen(L_opt_logfile) > 0) {
data/direwolf-1.5+dfsg/direwolf.c:685:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(l_opt_logdir) > 0 && strlen(L_opt_logfile) > 0) {
data/direwolf-1.5+dfsg/direwolf.c:691:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(L_opt_logfile) > 0) {
data/direwolf-1.5+dfsg/direwolf.c:695:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(l_opt_logdir) > 0) {
data/direwolf-1.5+dfsg/direwolf.c:702:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(input_file) > 0) {
data/direwolf-1.5+dfsg/direwolf.c:970:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(audio_config.timestamp_format) > 0) {
data/direwolf-1.5+dfsg/direwolf.c:1122:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
waypoint_send_sentence (strlen(A.g_name) > 0 ? A.g_name : A.g_src,
data/direwolf-1.5+dfsg/direwolf.h:107:21: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define SLEEP_MS(n) usleep((n)*1000)
data/direwolf-1.5+dfsg/dtmf.c:375:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) (1000.0f * (float)strlen(str) / (float)speed + 0.5f) +
data/direwolf-1.5+dfsg/dwgpsd.c:177:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pconfig->gpsd_host) == 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:123:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pconfig->gpsnmea_port) == 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:490:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pstatus != NULL && strlen(pstatus) == 1) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:504:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plat != NULL && strlen(plat) > 0 && pns != NULL && strlen(pns) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:504:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plat != NULL && strlen(plat) > 0 && pns != NULL && strlen(pns) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:516:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plon != NULL && strlen(plon) > 0 && pew != NULL && strlen(pew) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:516:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plon != NULL && strlen(plon) > 0 && pew != NULL && strlen(pew) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:528:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pknots != NULL && strlen(pknots) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:541:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pcourse) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:657:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pfix != NULL && strlen(pfix) == 1) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:671:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plat != NULL && strlen(plat) > 0 && pns != NULL && strlen(pns) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:671:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plat != NULL && strlen(plat) > 0 && pns != NULL && strlen(pns) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:683:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plon != NULL && strlen(plon) > 0 && pew != NULL && strlen(pew) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:683:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (plon != NULL && strlen(plon) > 0 && pew != NULL && strlen(pew) > 0) {
data/direwolf-1.5+dfsg/dwgpsnmea.c:703:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(paltitude) > 0) {
data/direwolf-1.5+dfsg/encode_aprs.c:465:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(presult));
data/direwolf-1.5+dfsg/encode_aprs.c:592:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result_len += strlen(salt);
data/direwolf-1.5+dfsg/encode_aprs.c:599:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result_len += strlen(comment);
data/direwolf-1.5+dfsg/encode_aprs.c:685:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(name);
data/direwolf-1.5+dfsg/encode_aprs.c:749:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result_len += strlen(comment);
data/direwolf-1.5+dfsg/gen_packets.c:453:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(output_file) == 0) {
data/direwolf-1.5+dfsg/geotranz/error_string.c:80:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "");
data/direwolf-1.5+dfsg/geotranz/error_string.c:84:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 0) strcat(str, "\n");
data/direwolf-1.5+dfsg/geotranz/error_string.c:84:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strlen(str) > 0) strcat(str, "\n");
data/direwolf-1.5+dfsg/geotranz/error_string.c:89:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) == 0) {
data/direwolf-1.5+dfsg/geotranz/error_string.c:98:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "");
data/direwolf-1.5+dfsg/geotranz/error_string.c:102:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 0) strcat(str, "\n");
data/direwolf-1.5+dfsg/geotranz/error_string.c:102:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strlen(str) > 0) strcat(str, "\n");
data/direwolf-1.5+dfsg/geotranz/error_string.c:107:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) == 0) {
data/direwolf-1.5+dfsg/geotranz/error_string.c:117:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (str, "");
data/direwolf-1.5+dfsg/geotranz/error_string.c:121:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 0) strcat(str, "\n");
data/direwolf-1.5+dfsg/geotranz/error_string.c:121:27: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (strlen(str) > 0) strcat(str, "\n");
data/direwolf-1.5+dfsg/geotranz/error_string.c:126:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) == 0) {
data/direwolf-1.5+dfsg/geotranz/mgrs.c:403:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(MGRS, " ", 2); // 2 spaces
data/direwolf-1.5+dfsg/geotranz/mgrs.c:457:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (zone_string, MGRS+j, 2);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:504:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (east_string, MGRS+j, n);
data/direwolf-1.5+dfsg/geotranz/mgrs.c:507:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (north_string, MGRS+j+n, n);
data/direwolf-1.5+dfsg/geotranz/usng.c:370:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(USNG, " ", 2); // 2 spaces
data/direwolf-1.5+dfsg/geotranz/usng.c:424:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (zone_string, USNG+j, 2);
data/direwolf-1.5+dfsg/geotranz/usng.c:471:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (east_string, USNG+j, n);
data/direwolf-1.5+dfsg/geotranz/usng.c:474:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (north_string, USNG+j+n, n);
data/direwolf-1.5+dfsg/igate.c:272:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_msg_to_server ("W1ABC>APRS:?", strlen("W1ABC>APRS:?");
data/direwolf-1.5+dfsg/igate.c:450:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p_igate_config->t2_server_name) == 0 ||
data/direwolf-1.5+dfsg/igate.c:451:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(p_igate_config->t2_login) == 0 ||
data/direwolf-1.5+dfsg/igate.c:452:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(p_igate_config->t2_passcode) == 0) {
data/direwolf-1.5+dfsg/igate.c:803:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_msg_to_server (stemp, strlen(stemp));
data/direwolf-1.5+dfsg/igate.c:833:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_msg_to_server (heartbeat, strlen(heartbeat));
data/direwolf-1.5+dfsg/igate.c:1121:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg[strlen(msg)-1] = '\0'; /* Remove trailing ":" */
data/direwolf-1.5+dfsg/igate.c:1187:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int msg_len = strlen(msg); // What we have so far before info part.
data/direwolf-1.5+dfsg/igate.c:1477:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen((char*)message) != len) {
data/direwolf-1.5+dfsg/kiss.c:404:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen((char*)fbuf);
data/direwolf-1.5+dfsg/kiss.c:409:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kiss_len = strlen((char *)kiss_buff);
data/direwolf-1.5+dfsg/kiss.c:549:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
|| (n = read(pt_master_fd, &ch, (size_t)1)) != 1)
data/direwolf-1.5+dfsg/kiss_frame.c:823:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(param) > 0) {
data/direwolf-1.5+dfsg/kiss_frame.c:829:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*sendfun) (chan, KISS_CMD_SET_HARDWARE, (unsigned char *)response, strlen(response), client);
data/direwolf-1.5+dfsg/kiss_frame.c:834:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(param) > 0) {
data/direwolf-1.5+dfsg/kiss_frame.c:841:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*sendfun) (chan, KISS_CMD_SET_HARDWARE, (unsigned char *)response, strlen(response), client);
data/direwolf-1.5+dfsg/kissnet.c:599:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen((char*)fbuf);
data/direwolf-1.5+dfsg/kissnet.c:604:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kiss_len = strlen((char *)kiss_buff);
data/direwolf-1.5+dfsg/kissserial.c:192:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_misc_config_p->kiss_serial_port) > 0) {
data/direwolf-1.5+dfsg/kissserial.c:290:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flen = strlen((char*)fbuf);
data/direwolf-1.5+dfsg/kissserial.c:295:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kiss_len = strlen((char *)kiss_buff);
data/direwolf-1.5+dfsg/kissutil.c:162:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = stuff + strlen(stuff) - 1;
data/direwolf-1.5+dfsg/kissutil.c:163:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(stuff) > 0 && (*p == '\r' || *p == '\n')) {
data/direwolf-1.5+dfsg/kissutil.c:264:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(receive_output) > 0) {
data/direwolf-1.5+dfsg/kissutil.c:315:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(transmit_from) > 0) {
data/direwolf-1.5+dfsg/kissutil.c:406:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) == 0) {
data/direwolf-1.5+dfsg/kissutil.c:508:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_to_kiss_tnc (chan, KISS_CMD_SET_HARDWARE, p, strlen(p));
data/direwolf-1.5+dfsg/kissutil.c:784:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(timestamp_format) > 0) {
data/direwolf-1.5+dfsg/kissutil.c:817:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(receive_output) > 0) {
data/direwolf-1.5+dfsg/latlong.c:321:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (slat, "");
data/direwolf-1.5+dfsg/latlong.c:322:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (hemi, "");
data/direwolf-1.5+dfsg/latlong.c:339:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (hemi, "S");
data/direwolf-1.5+dfsg/latlong.c:342:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (hemi, "N");
data/direwolf-1.5+dfsg/latlong.c:382:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (slong, "");
data/direwolf-1.5+dfsg/latlong.c:383:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (hemi, "");
data/direwolf-1.5+dfsg/latlong.c:400:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (hemi, "W");
data/direwolf-1.5+dfsg/latlong.c:403:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (hemi, "E");
data/direwolf-1.5+dfsg/latlong.c:716:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int np = strlen(maidenhead) / 2; /* Number of pairs of characters. */
data/direwolf-1.5+dfsg/latlong.c:718:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(maidenhead) %2 != 0 || np < MH_MIN_PAIR || np > MH_MAX_PAIR) {
data/direwolf-1.5+dfsg/latlong.c:764:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(maidenhead) != 2 && strlen(maidenhead) != 4 && strlen(maidenhead) != 6 && strlen(maidenhead) != 8) {
data/direwolf-1.5+dfsg/latlong.c:764:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(maidenhead) != 2 && strlen(maidenhead) != 4 && strlen(maidenhead) != 6 && strlen(maidenhead) != 8) {
data/direwolf-1.5+dfsg/latlong.c:764:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(maidenhead) != 2 && strlen(maidenhead) != 4 && strlen(maidenhead) != 6 && strlen(maidenhead) != 8) {
data/direwolf-1.5+dfsg/latlong.c:764:90: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(maidenhead) != 2 && strlen(maidenhead) != 4 && strlen(maidenhead) != 6 && strlen(maidenhead) != 8) {
data/direwolf-1.5+dfsg/latlong.c:787:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mh) >= 4) {
data/direwolf-1.5+dfsg/latlong.c:802:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mh) >=6) {
data/direwolf-1.5+dfsg/latlong.c:819:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mh) >= 8) {
data/direwolf-1.5+dfsg/log.c:137:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) == 0) {
data/direwolf-1.5+dfsg/log.c:219:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(g_log_path) == 0) return;
data/direwolf-1.5+dfsg/log.c:389:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
quote_for_csv (sname, sizeof(sname), (strlen(A->g_name) > 0) ? A->g_name : A->g_src);
data/direwolf-1.5+dfsg/log2gpx.c:191:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(raw) - 1;
data/direwolf-1.5+dfsg/log2gpx.c:253:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pisotime != NULL && strlen(pisotime) > 0 &&
data/direwolf-1.5+dfsg/log2gpx.c:254:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pname != NULL && strlen(pname) > 0 &&
data/direwolf-1.5+dfsg/log2gpx.c:255:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
platitude != NULL && strlen(platitude) > 0 &&
data/direwolf-1.5+dfsg/log2gpx.c:256:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plongitude != NULL && strlen(plongitude) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:265:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pspeed != NULL && strlen(pspeed) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:268:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pcourse != NULL && strlen(pcourse) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:271:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (paltitude != NULL && strlen(paltitude) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:277:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pfreq != NULL && strlen(pfreq) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:285:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (poffset != NULL && strlen(poffset) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:293:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(desc) > 0) strlcat (desc, " ", sizeof(desc));
data/direwolf-1.5+dfsg/log2gpx.c:297:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ptone != NULL && strlen(ptone) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:304:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(desc) > 0) strlcat (desc, " ", sizeof(desc));
data/direwolf-1.5+dfsg/log2gpx.c:309:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pstatus != NULL && strlen(pstatus) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:312:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pcomment != NULL && strlen(pcomment) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:313:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(comment) > 0) strlcat (comment, ", ", sizeof(comment));
data/direwolf-1.5+dfsg/log2gpx.c:328:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (things[num_things].time, pisotime, sizeof(things[num_things].time));
data/direwolf-1.5+dfsg/log2gpx.c:329:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (things[num_things].name, pname, sizeof(things[num_things].name));
data/direwolf-1.5+dfsg/log2gpx.c:330:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (things[num_things].desc, desc, sizeof(things[num_things].desc));
data/direwolf-1.5+dfsg/log2gpx.c:331:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (things[num_things].comment, comment, sizeof(things[num_things].comment));
data/direwolf-1.5+dfsg/log2gpx.c:509:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(things[i].desc) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:512:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(safe_comment) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:538:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(things[i].desc) > 0) {
data/direwolf-1.5+dfsg/log2gpx.c:541:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(safe_comment) > 0) {
data/direwolf-1.5+dfsg/mheard.c:649:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (role != NULL && strlen(role) > 0) {
data/direwolf-1.5+dfsg/mheard.c:664:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (role != NULL && strlen(role) > 0) {
data/direwolf-1.5+dfsg/mheard.c:676:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (role != NULL && strlen(role) > 0) {
data/direwolf-1.5+dfsg/mheard.c:685:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (role != NULL && strlen(role) > 0) {
data/direwolf-1.5+dfsg/mheard.c:700:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (role != NULL && strlen(role) > 0) {
data/direwolf-1.5+dfsg/mheard.c:707:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (role != NULL && strlen(role) > 0) {
data/direwolf-1.5+dfsg/mheard.c:717:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (role != NULL && strlen(role) > 0) {
data/direwolf-1.5+dfsg/misc/strcasestr.c:53:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(find);
data/direwolf-1.5+dfsg/misc/strlcat.c:104:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
retval = dlen + strlen(s);
data/direwolf-1.5+dfsg/morse.c:477:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(morse[i].enc);
data/direwolf-1.5+dfsg/morse.c:514:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/direwolf-1.5+dfsg/pfilter.c:590:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) == 0) {
data/direwolf-1.5+dfsg/pfilter.c:618:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) == 0) {
data/direwolf-1.5+dfsg/pfilter.c:806:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mlen != (int)(strlen(v) - 1)) {
data/direwolf-1.5+dfsg/pfilter.c:851:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(infop) < 16) return (0);
data/direwolf-1.5+dfsg/pfilter.c:955:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) != 6) break;
data/direwolf-1.5+dfsg/pfilter.c:1171:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(alt) == 0) {
data/direwolf-1.5+dfsg/pfilter.c:1206:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pri) == 0) {
data/direwolf-1.5+dfsg/pfilter.c:1229:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pri != NULL && strlen(pri) > 0) {
data/direwolf-1.5+dfsg/pfilter.c:1249:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(over) > 0) {
data/direwolf-1.5+dfsg/pfilter.c:1359:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (v != NULL && strlen(v) > 0) {
data/direwolf-1.5+dfsg/pfilter.c:1370:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(v) > 0) {
data/direwolf-1.5+dfsg/pfilter.c:1379:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (v != NULL && strlen(v) > 0) {
data/direwolf-1.5+dfsg/pfilter.c:1383:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (v != NULL && strlen(v) > 0) {
data/direwolf-1.5+dfsg/pfilter.c:1392:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (v != NULL && strlen(v) > 0) {
data/direwolf-1.5+dfsg/pfilter.c:1521:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dw_printf ("%*s\n", (int)(strlen(intro) + pf->tokeni + 1), "^");
data/direwolf-1.5+dfsg/ptt.c:450:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd, stemp, strlen(stemp)) != strlen(stemp)) {
data/direwolf-1.5+dfsg/ptt.c:450:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd, stemp, strlen(stemp)) != strlen(stemp)) {
data/direwolf-1.5+dfsg/ptt.c:537:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(lookfor, file_list[i]->d_name, strlen(lookfor)) == 0) {
data/direwolf-1.5+dfsg/ptt.c:596:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd, gpio_val, strlen(gpio_val)) != strlen(gpio_val)) {
data/direwolf-1.5+dfsg/ptt.c:596:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write (fd, gpio_val, strlen(gpio_val)) != strlen(gpio_val)) {
data/direwolf-1.5+dfsg/ptt.c:1232:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (ptt_fd[chan][ot], &lpt_data, (size_t)1) != 1) {
data/direwolf-1.5+dfsg/ptt.c:1343:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read (fd, vtemp, 1) != 1) {
data/direwolf-1.5+dfsg/regex/regcomp.c:480:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = re_compile_internal (preg, pattern, strlen (pattern), syntax);
data/direwolf-1.5+dfsg/regex/regcomp.c:529:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg_size = strlen (msg) + 1; /* Includes the null. */
data/direwolf-1.5+dfsg/regex/regcomp.c:687:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = re_compile_internal (&re_comp_buf, s, strlen (s), re_syntax_options);
data/direwolf-1.5+dfsg/regex/regcomp.c:753:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dfa->re_str, pattern, length + 1);
data/direwolf-1.5+dfsg/regex/regcomp.c:2576:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen ((char *) start_elem->opr.name) > 1)
data/direwolf-1.5+dfsg/regex/regcomp.c:2578:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen ((char *) end_elem->opr.name) > 1), 0))
data/direwolf-1.5+dfsg/regex/regcomp.c:2686:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen ((const char *) name);
data/direwolf-1.5+dfsg/regex/regcomp.c:2779:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sym_name_len = strlen ((char *) br_elem->opr.name);
data/direwolf-1.5+dfsg/regex/regcomp.c:2915:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen ((const char *) name);
data/direwolf-1.5+dfsg/regex/regcomp.c:3377:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (BE (idx1 == 0 || cp < name + strlen ((const char *) name), 0))
data/direwolf-1.5+dfsg/regex/regcomp.c:3430:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (BE (strlen ((const char *) name) != 1, 0))
data/direwolf-1.5+dfsg/regex/regexec.c:258:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (string);
data/direwolf-1.5+dfsg/serial_port.c:420:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = read(fd, &ch, (size_t)1);
data/direwolf-1.5+dfsg/server.c:919:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
agwpe_msg.hdr.data_len_NETLE = host2netle(strlen(agwpe_msg.data) + 1) /* +1 to include terminating null */ ;
data/direwolf-1.5+dfsg/server.c:1002:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reply.hdr.data_len_NETLE = host2netle(strlen(reply.info) + 1);
data/direwolf-1.5+dfsg/server.c:1055:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reply.hdr.data_len_NETLE = host2netle(strlen(reply.info) + 1);
data/direwolf-1.5+dfsg/server.c:1421:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reply.hdr.data_len_NETLE = host2netle(strlen(reply.info) + 1);
data/direwolf-1.5+dfsg/server.c:1500:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reply.hdr.data_len_NETLE = host2netle(strlen(reply.info));
data/direwolf-1.5+dfsg/symbols.c:353:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define GOOD_LINE(x) (strlen(x) > 6 && \
data/direwolf-1.5+dfsg/symbols.c:402:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = strlen(stuff+COL6_DESC) - 1; j>=0 && stuff[COL6_DESC+j] <= ' '; j--) {
data/direwolf-1.5+dfsg/symbols.c:407:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(new_sym_ptr[new_sym_len].description, stuff+COL6_DESC, NEW_SYM_DESC_LEN);
data/direwolf-1.5+dfsg/telemetry.c:222:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(p+1));
data/direwolf-1.5+dfsg/telemetry.c:318:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = stemp + strlen(stemp) - 1; p >= stemp && (*p == '\r' || *p == '\n') ; p--) {
data/direwolf-1.5+dfsg/telemetry.c:337:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > 0) {
data/direwolf-1.5+dfsg/telemetry.c:360:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(next) < 8) {
data/direwolf-1.5+dfsg/telemetry.c:368:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(next) > 8) {
data/direwolf-1.5+dfsg/telemetry.c:372:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < (int)(strlen(next)); k++) {
data/direwolf-1.5+dfsg/telemetry.c:502:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cdata) < 4 || strlen(cdata) > 14 || (strlen(cdata) & 1)) {
data/direwolf-1.5+dfsg/telemetry.c:502:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cdata) < 4 || strlen(cdata) > 14 || (strlen(cdata) & 1)) {
data/direwolf-1.5+dfsg/telemetry.c:502:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cdata) < 4 || strlen(cdata) > 14 || (strlen(cdata) & 1)) {
data/direwolf-1.5+dfsg/telemetry.c:591:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = stemp + strlen(stemp) - 1; p >= stemp && (*p == '\r' || *p == '\n') ; p--) {
data/direwolf-1.5+dfsg/telemetry.c:607:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > 0 && strcmp(p,"-") != 0) {
data/direwolf-1.5+dfsg/telemetry.c:670:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = stemp + strlen(stemp) - 1; p >= stemp && (*p == '\r' || *p == '\n') ; p--) {
data/direwolf-1.5+dfsg/telemetry.c:686:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > 0) {
data/direwolf-1.5+dfsg/telemetry.c:750:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = stemp + strlen(stemp) - 1; p >= stemp && (*p == '\r' || *p == '\n') ; p--) {
data/direwolf-1.5+dfsg/telemetry.c:767:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > 0) {
data/direwolf-1.5+dfsg/telemetry.c:844:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(msg) < 8) {
data/direwolf-1.5+dfsg/telemetry.c:851:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (n = 0; n < T_NUM_DIGITAL && n < (int)(strlen(msg)); n++) {
data/direwolf-1.5+dfsg/telemetry.c:959:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pm->project) > 0) {
data/direwolf-1.5+dfsg/telemetry.c:999:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pm->unit[n]) > 0) {
data/direwolf-1.5+dfsg/telemetry.c:1030:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pm->unit[T_NUM_ANALOG+n]) > 0) {
data/direwolf-1.5+dfsg/tt_text.c:474:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (buttons, "");
data/direwolf-1.5+dfsg/tt_text.c:478:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) < 1 || strlen(text) > 6) {
data/direwolf-1.5+dfsg/tt_text.c:478:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) < 1 || strlen(text) > 6) {
data/direwolf-1.5+dfsg/tt_text.c:503:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(padded) < 6) {
data/direwolf-1.5+dfsg/tt_text.c:504:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (padded, " ");
data/direwolf-1.5+dfsg/tt_text.c:585:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) < 1 || strlen(text) > 4) {
data/direwolf-1.5+dfsg/tt_text.c:585:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) < 1 || strlen(text) > 4) {
data/direwolf-1.5+dfsg/tt_text.c:1017:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buttons) != 10) {
data/direwolf-1.5+dfsg/tt_text.c:1070:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = strlen(text) - 1; /* should be 6 - 1 = 5 */
data/direwolf-1.5+dfsg/tt_text.c:1116:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buttons) != 5) {
data/direwolf-1.5+dfsg/tt_text.c:1168:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (text, "");
data/direwolf-1.5+dfsg/tt_text.c:1223:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buttons) != 4 && strlen(buttons) != 6 &&
data/direwolf-1.5+dfsg/tt_text.c:1223:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buttons) != 4 && strlen(buttons) != 6 &&
data/direwolf-1.5+dfsg/tt_text.c:1224:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buttons) != 10 && strlen(buttons) != 12 &&
data/direwolf-1.5+dfsg/tt_text.c:1224:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buttons) != 10 && strlen(buttons) != 12 &&
data/direwolf-1.5+dfsg/tt_text.c:1225:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buttons) != 16 && strlen(buttons) != 18) {
data/direwolf-1.5+dfsg/tt_text.c:1225:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buttons) != 16 && strlen(buttons) != 18) {
data/direwolf-1.5+dfsg/tt_text.c:1256:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (n = 0; n < 6 && b < buttons+strlen(buttons); n++) {
data/direwolf-1.5+dfsg/tt_text.c:1319:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
np = strlen(text) / 2;
data/direwolf-1.5+dfsg/tt_text.c:1321:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(text) % 2) != 0) {
data/direwolf-1.5+dfsg/tt_text.c:1409:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (text, "");
data/direwolf-1.5+dfsg/tt_text.c:1413:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buttons) != 4) {
data/direwolf-1.5+dfsg/tt_text.c:1609:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (text, " ");
data/direwolf-1.5+dfsg/tt_user.c:309:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(tt_user[i].callsign);
data/direwolf-1.5+dfsg/tt_user.c:558:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(loc_text) > 0) {
data/direwolf-1.5+dfsg/tt_user.c:590:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dao) > 0) {
data/direwolf-1.5+dfsg/tt_user.c:744:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(object_name) <= 6 && tt_user[i].ssid != 0) {
data/direwolf-1.5+dfsg/tt_user.c:781:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tt_user[i].comment) != 0) {
data/direwolf-1.5+dfsg/tt_user.c:785:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tt_user[i].loc_text) > 0) {
data/direwolf-1.5+dfsg/tt_user.c:786:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(info_comment) > 0) {
data/direwolf-1.5+dfsg/tt_user.c:796:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(info_comment) > 0) {
data/direwolf-1.5+dfsg/tt_user.c:807:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tt_user[i].dao) > 0) {
data/direwolf-1.5+dfsg/tt_user.c:808:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(info_comment) > 0) {
data/direwolf-1.5+dfsg/tt_user.c:848:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tt_user[i].freq) > 0 ? atof(tt_user[i].freq) : G_UNKNOWN,
data/direwolf-1.5+dfsg/tt_user.c:849:3: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tt_user[i].ctcss) > 0 ? atof(tt_user[i].ctcss) : G_UNKNOWN,
data/direwolf-1.5+dfsg/walk96.c:83:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
serial_port_write (tnc, cmd, strlen(cmd));
data/direwolf-1.5+dfsg/waypoint.c:123:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(mc->waypoint_port) > 0) {
data/direwolf-1.5+dfsg/waypoint.c:292:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (salt, "");
data/direwolf-1.5+dfsg/waypoint.c:299:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (sspeed, "");
data/direwolf-1.5+dfsg/waypoint.c:306:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (scourse, "");
data/direwolf-1.5+dfsg/waypoint.c:608:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
serial_port_write (s_waypoint_port_fd, final, strlen(final));
data/direwolf-1.5+dfsg/xmit.c:982:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save_audio_config_p->timestamp_format) > 0) {
data/direwolf-1.5+dfsg/xmit.c:1099:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save_audio_config_p->timestamp_format) > 0) {
data/direwolf-1.5+dfsg/xmit.c:1116:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save_audio_config_p->tts_script) == 0) {
data/direwolf-1.5+dfsg/xmit.c:1226:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save_audio_config_p->timestamp_format) > 0) {
data/direwolf-1.5+dfsg/xmit.c:1298:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(save_audio_config_p->timestamp_format) > 0) {
ANALYSIS SUMMARY:
Hits = 1407
Lines analyzed = 96292 in approximately 2.50 seconds (38472 lines/second)
Physical Source Lines of Code (SLOC) = 50922
Hits@level = [0] 449 [1] 392 [2] 961 [3] 19 [4] 35 [5] 0
Hits@level+ = [0+] 1856 [1+] 1407 [2+] 1015 [3+] 54 [4+] 35 [5+] 0
Hits/KSLOC@level+ = [0+] 36.4479 [1+] 27.6305 [2+] 19.9324 [3+] 1.06045 [4+] 0.687326 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.