Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/frr-7.4/babeld/babel_errors.c Examining data/frr-7.4/babeld/babel_errors.h Examining data/frr-7.4/babeld/babel_filter.c Examining data/frr-7.4/babeld/babel_filter.h Examining data/frr-7.4/babeld/babel_interface.c Examining data/frr-7.4/babeld/babel_interface.h Examining data/frr-7.4/babeld/babel_main.c Examining data/frr-7.4/babeld/babel_main.h Examining data/frr-7.4/babeld/babel_zebra.c Examining data/frr-7.4/babeld/babel_zebra.h Examining data/frr-7.4/babeld/babeld.c Examining data/frr-7.4/babeld/babeld.h Examining data/frr-7.4/babeld/kernel.c Examining data/frr-7.4/babeld/kernel.h Examining data/frr-7.4/babeld/message.c Examining data/frr-7.4/babeld/message.h Examining data/frr-7.4/babeld/neighbour.c Examining data/frr-7.4/babeld/neighbour.h Examining data/frr-7.4/babeld/net.c Examining data/frr-7.4/babeld/net.h Examining data/frr-7.4/babeld/resend.c Examining data/frr-7.4/babeld/resend.h Examining data/frr-7.4/babeld/route.c Examining data/frr-7.4/babeld/route.h Examining data/frr-7.4/babeld/source.c Examining data/frr-7.4/babeld/source.h Examining data/frr-7.4/babeld/util.c Examining data/frr-7.4/babeld/util.h Examining data/frr-7.4/babeld/xroute.c Examining data/frr-7.4/babeld/xroute.h Examining data/frr-7.4/bfdd/bfd.c Examining data/frr-7.4/bfdd/bfd.h Examining data/frr-7.4/bfdd/bfd_packet.c Examining data/frr-7.4/bfdd/bfdctl.h Examining data/frr-7.4/bfdd/bfdd.c Examining data/frr-7.4/bfdd/bfdd_cli.c Examining data/frr-7.4/bfdd/bfdd_nb.c Examining data/frr-7.4/bfdd/bfdd_nb.h Examining data/frr-7.4/bfdd/bfdd_nb_config.c Examining data/frr-7.4/bfdd/bfdd_nb_state.c Examining data/frr-7.4/bfdd/bfdd_vty.c Examining data/frr-7.4/bfdd/config.c Examining data/frr-7.4/bfdd/control.c Examining data/frr-7.4/bfdd/event.c Examining data/frr-7.4/bfdd/ptm_adapter.c Examining data/frr-7.4/bgpd/bgp_addpath.c Examining data/frr-7.4/bgpd/bgp_addpath.h Examining data/frr-7.4/bgpd/bgp_addpath_types.h Examining data/frr-7.4/bgpd/bgp_advertise.c Examining data/frr-7.4/bgpd/bgp_advertise.h Examining data/frr-7.4/bgpd/bgp_aspath.c Examining data/frr-7.4/bgpd/bgp_aspath.h Examining data/frr-7.4/bgpd/bgp_attr.c Examining data/frr-7.4/bgpd/bgp_attr.h Examining data/frr-7.4/bgpd/bgp_attr_evpn.c Examining data/frr-7.4/bgpd/bgp_attr_evpn.h Examining data/frr-7.4/bgpd/bgp_bfd.c Examining data/frr-7.4/bgpd/bgp_bfd.h Examining data/frr-7.4/bgpd/bgp_bmp.c Examining data/frr-7.4/bgpd/bgp_bmp.h Examining data/frr-7.4/bgpd/bgp_btoa.c Examining data/frr-7.4/bgpd/bgp_clist.c Examining data/frr-7.4/bgpd/bgp_clist.h Examining data/frr-7.4/bgpd/bgp_community.c Examining data/frr-7.4/bgpd/bgp_community.h Examining data/frr-7.4/bgpd/bgp_damp.c Examining data/frr-7.4/bgpd/bgp_damp.h Examining data/frr-7.4/bgpd/bgp_debug.c Examining data/frr-7.4/bgpd/bgp_debug.h Examining data/frr-7.4/bgpd/bgp_dump.c Examining data/frr-7.4/bgpd/bgp_dump.h Examining data/frr-7.4/bgpd/bgp_ecommunity.c Examining data/frr-7.4/bgpd/bgp_ecommunity.h Examining data/frr-7.4/bgpd/bgp_encap_tlv.c Examining data/frr-7.4/bgpd/bgp_encap_tlv.h Examining data/frr-7.4/bgpd/bgp_encap_types.h Examining data/frr-7.4/bgpd/bgp_errors.c Examining data/frr-7.4/bgpd/bgp_errors.h Examining data/frr-7.4/bgpd/bgp_evpn.c Examining data/frr-7.4/bgpd/bgp_evpn.h Examining data/frr-7.4/bgpd/bgp_evpn_private.h Examining data/frr-7.4/bgpd/bgp_evpn_vty.c Examining data/frr-7.4/bgpd/bgp_evpn_vty.h Examining data/frr-7.4/bgpd/bgp_filter.c Examining data/frr-7.4/bgpd/bgp_filter.h Examining data/frr-7.4/bgpd/bgp_flowspec.c Examining data/frr-7.4/bgpd/bgp_flowspec.h Examining data/frr-7.4/bgpd/bgp_flowspec_private.h Examining data/frr-7.4/bgpd/bgp_flowspec_util.c Examining data/frr-7.4/bgpd/bgp_flowspec_util.h Examining data/frr-7.4/bgpd/bgp_flowspec_vty.c Examining data/frr-7.4/bgpd/bgp_fsm.c Examining data/frr-7.4/bgpd/bgp_fsm.h Examining data/frr-7.4/bgpd/bgp_io.c Examining data/frr-7.4/bgpd/bgp_io.h Examining data/frr-7.4/bgpd/bgp_keepalives.c Examining data/frr-7.4/bgpd/bgp_keepalives.h Examining data/frr-7.4/bgpd/bgp_label.c Examining data/frr-7.4/bgpd/bgp_label.h Examining data/frr-7.4/bgpd/bgp_labelpool.c Examining data/frr-7.4/bgpd/bgp_labelpool.h Examining data/frr-7.4/bgpd/bgp_lcommunity.c Examining data/frr-7.4/bgpd/bgp_lcommunity.h Examining data/frr-7.4/bgpd/bgp_mac.c Examining data/frr-7.4/bgpd/bgp_mac.h Examining data/frr-7.4/bgpd/bgp_main.c Examining data/frr-7.4/bgpd/bgp_memory.c Examining data/frr-7.4/bgpd/bgp_memory.h Examining data/frr-7.4/bgpd/bgp_mpath.c Examining data/frr-7.4/bgpd/bgp_mpath.h Examining data/frr-7.4/bgpd/bgp_mplsvpn.c Examining data/frr-7.4/bgpd/bgp_mplsvpn.h Examining data/frr-7.4/bgpd/bgp_network.c Examining data/frr-7.4/bgpd/bgp_network.h Examining data/frr-7.4/bgpd/bgp_nexthop.c Examining data/frr-7.4/bgpd/bgp_nexthop.h Examining data/frr-7.4/bgpd/bgp_nht.c Examining data/frr-7.4/bgpd/bgp_nht.h Examining data/frr-7.4/bgpd/bgp_open.c Examining data/frr-7.4/bgpd/bgp_open.h Examining data/frr-7.4/bgpd/bgp_packet.c Examining data/frr-7.4/bgpd/bgp_packet.h Examining data/frr-7.4/bgpd/bgp_pbr.c Examining data/frr-7.4/bgpd/bgp_pbr.h Examining data/frr-7.4/bgpd/bgp_rd.c Examining data/frr-7.4/bgpd/bgp_rd.h Examining data/frr-7.4/bgpd/bgp_regex.c Examining data/frr-7.4/bgpd/bgp_regex.h Examining data/frr-7.4/bgpd/bgp_route.c Examining data/frr-7.4/bgpd/bgp_route.h Examining data/frr-7.4/bgpd/bgp_routemap.c Examining data/frr-7.4/bgpd/bgp_rpki.c Examining data/frr-7.4/bgpd/bgp_snmp.c Examining data/frr-7.4/bgpd/bgp_table.c Examining data/frr-7.4/bgpd/bgp_table.h Examining data/frr-7.4/bgpd/bgp_updgrp.c Examining data/frr-7.4/bgpd/bgp_updgrp.h Examining data/frr-7.4/bgpd/bgp_updgrp_adv.c Examining data/frr-7.4/bgpd/bgp_updgrp_packet.c Examining data/frr-7.4/bgpd/bgp_vnc_types.h Examining data/frr-7.4/bgpd/bgp_vpn.c Examining data/frr-7.4/bgpd/bgp_vpn.h Examining data/frr-7.4/bgpd/bgp_vty.c Examining data/frr-7.4/bgpd/bgp_vty.h Examining data/frr-7.4/bgpd/bgp_zebra.c Examining data/frr-7.4/bgpd/bgp_zebra.h Examining data/frr-7.4/bgpd/bgpd.c Examining data/frr-7.4/bgpd/bgpd.h Examining data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c Examining data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h Examining data/frr-7.4/bgpd/rfapi/rfapi.c Examining data/frr-7.4/bgpd/rfapi/rfapi.h Examining data/frr-7.4/bgpd/rfapi/rfapi_ap.c Examining data/frr-7.4/bgpd/rfapi/rfapi_ap.h Examining data/frr-7.4/bgpd/rfapi/rfapi_backend.h Examining data/frr-7.4/bgpd/rfapi/rfapi_descriptor_rfp_utils.c Examining data/frr-7.4/bgpd/rfapi/rfapi_descriptor_rfp_utils.h Examining data/frr-7.4/bgpd/rfapi/rfapi_encap_tlv.c Examining data/frr-7.4/bgpd/rfapi/rfapi_encap_tlv.h Examining data/frr-7.4/bgpd/rfapi/rfapi_import.c Examining data/frr-7.4/bgpd/rfapi/rfapi_import.h Examining data/frr-7.4/bgpd/rfapi/rfapi_monitor.c Examining data/frr-7.4/bgpd/rfapi/rfapi_monitor.h Examining data/frr-7.4/bgpd/rfapi/rfapi_nve_addr.c Examining data/frr-7.4/bgpd/rfapi/rfapi_nve_addr.h Examining data/frr-7.4/bgpd/rfapi/rfapi_private.h Examining data/frr-7.4/bgpd/rfapi/rfapi_rib.c Examining data/frr-7.4/bgpd/rfapi/rfapi_rib.h Examining data/frr-7.4/bgpd/rfapi/rfapi_vty.c Examining data/frr-7.4/bgpd/rfapi/rfapi_vty.h Examining data/frr-7.4/bgpd/rfapi/vnc_debug.c Examining data/frr-7.4/bgpd/rfapi/vnc_debug.h Examining data/frr-7.4/bgpd/rfapi/vnc_export_bgp.c Examining data/frr-7.4/bgpd/rfapi/vnc_export_bgp.h Examining data/frr-7.4/bgpd/rfapi/vnc_export_bgp_p.h Examining data/frr-7.4/bgpd/rfapi/vnc_export_table.c Examining data/frr-7.4/bgpd/rfapi/vnc_export_table.h Examining data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c Examining data/frr-7.4/bgpd/rfapi/vnc_import_bgp.h Examining data/frr-7.4/bgpd/rfapi/vnc_import_bgp_p.h Examining data/frr-7.4/bgpd/rfapi/vnc_zebra.c Examining data/frr-7.4/bgpd/rfapi/vnc_zebra.h Examining data/frr-7.4/bgpd/rfp-example/librfp/rfp.h Examining data/frr-7.4/bgpd/rfp-example/librfp/rfp_example.c Examining data/frr-7.4/bgpd/rfp-example/librfp/rfp_internal.h Examining data/frr-7.4/bgpd/rfp-example/rfptest/rfptest.c Examining data/frr-7.4/bgpd/rfp-example/rfptest/rfptest.h Examining data/frr-7.4/eigrpd/eigrp_cli.c Examining data/frr-7.4/eigrpd/eigrp_const.h Examining data/frr-7.4/eigrpd/eigrp_dump.c Examining data/frr-7.4/eigrpd/eigrp_dump.h Examining data/frr-7.4/eigrpd/eigrp_errors.c Examining data/frr-7.4/eigrpd/eigrp_errors.h Examining data/frr-7.4/eigrpd/eigrp_filter.c Examining data/frr-7.4/eigrpd/eigrp_filter.h Examining data/frr-7.4/eigrpd/eigrp_fsm.c Examining data/frr-7.4/eigrpd/eigrp_fsm.h Examining data/frr-7.4/eigrpd/eigrp_hello.c Examining data/frr-7.4/eigrpd/eigrp_interface.c Examining data/frr-7.4/eigrpd/eigrp_interface.h Examining data/frr-7.4/eigrpd/eigrp_macros.h Examining data/frr-7.4/eigrpd/eigrp_main.c Examining data/frr-7.4/eigrpd/eigrp_memory.c Examining data/frr-7.4/eigrpd/eigrp_memory.h Examining data/frr-7.4/eigrpd/eigrp_neighbor.c Examining data/frr-7.4/eigrpd/eigrp_neighbor.h Examining data/frr-7.4/eigrpd/eigrp_network.c Examining data/frr-7.4/eigrpd/eigrp_network.h Examining data/frr-7.4/eigrpd/eigrp_northbound.c Examining data/frr-7.4/eigrpd/eigrp_packet.c Examining data/frr-7.4/eigrpd/eigrp_packet.h Examining data/frr-7.4/eigrpd/eigrp_pkt_tlv1.c Examining data/frr-7.4/eigrpd/eigrp_pkt_tlv2.c Examining data/frr-7.4/eigrpd/eigrp_query.c Examining data/frr-7.4/eigrpd/eigrp_reply.c Examining data/frr-7.4/eigrpd/eigrp_routemap.c Examining data/frr-7.4/eigrpd/eigrp_routemap.h Examining data/frr-7.4/eigrpd/eigrp_siaquery.c Examining data/frr-7.4/eigrpd/eigrp_siareply.c Examining data/frr-7.4/eigrpd/eigrp_snmp.c Examining data/frr-7.4/eigrpd/eigrp_snmp.h Examining data/frr-7.4/eigrpd/eigrp_structs.h Examining data/frr-7.4/eigrpd/eigrp_topology.c Examining data/frr-7.4/eigrpd/eigrp_topology.h Examining data/frr-7.4/eigrpd/eigrp_update.c Examining data/frr-7.4/eigrpd/eigrp_vrf.c Examining data/frr-7.4/eigrpd/eigrp_vrf.h Examining data/frr-7.4/eigrpd/eigrp_vty.c Examining data/frr-7.4/eigrpd/eigrp_vty.h Examining data/frr-7.4/eigrpd/eigrp_zebra.c Examining data/frr-7.4/eigrpd/eigrp_zebra.h Examining data/frr-7.4/eigrpd/eigrpd.c Examining data/frr-7.4/eigrpd/eigrpd.h Examining data/frr-7.4/fpm/fpm.h Examining data/frr-7.4/fpm/fpm_pb.c Examining data/frr-7.4/fpm/fpm_pb.h Examining data/frr-7.4/include/linux/fib_rules.h Examining data/frr-7.4/include/linux/if_addr.h Examining data/frr-7.4/include/linux/if_bridge.h Examining data/frr-7.4/include/linux/if_link.h Examining data/frr-7.4/include/linux/lwtunnel.h Examining data/frr-7.4/include/linux/mpls_iptunnel.h Examining data/frr-7.4/include/linux/neighbour.h Examining data/frr-7.4/include/linux/net_namespace.h Examining data/frr-7.4/include/linux/netlink.h Examining data/frr-7.4/include/linux/nexthop.h Examining data/frr-7.4/include/linux/rtnetlink.h Examining data/frr-7.4/include/linux/seg6.h Examining data/frr-7.4/include/linux/seg6_genl.h Examining data/frr-7.4/include/linux/seg6_hmac.h Examining data/frr-7.4/include/linux/seg6_iptunnel.h Examining data/frr-7.4/include/linux/seg6_local.h Examining data/frr-7.4/include/linux/socket.h Examining data/frr-7.4/isisd/fabricd.c Examining data/frr-7.4/isisd/fabricd.h Examining data/frr-7.4/isisd/isis_adjacency.c Examining data/frr-7.4/isisd/isis_adjacency.h Examining data/frr-7.4/isisd/isis_bfd.c Examining data/frr-7.4/isisd/isis_bfd.h Examining data/frr-7.4/isisd/isis_bpf.c Examining data/frr-7.4/isisd/isis_circuit.c Examining data/frr-7.4/isisd/isis_circuit.h Examining data/frr-7.4/isisd/isis_cli.c Examining data/frr-7.4/isisd/isis_common.h Examining data/frr-7.4/isisd/isis_constants.h Examining data/frr-7.4/isisd/isis_csm.c Examining data/frr-7.4/isisd/isis_csm.h Examining data/frr-7.4/isisd/isis_dlpi.c Examining data/frr-7.4/isisd/isis_dr.c Examining data/frr-7.4/isisd/isis_dr.h Examining data/frr-7.4/isisd/isis_dynhn.c Examining data/frr-7.4/isisd/isis_dynhn.h Examining data/frr-7.4/isisd/isis_errors.c Examining data/frr-7.4/isisd/isis_errors.h Examining data/frr-7.4/isisd/isis_events.c Examining data/frr-7.4/isisd/isis_events.h Examining data/frr-7.4/isisd/isis_flags.c Examining data/frr-7.4/isisd/isis_flags.h Examining data/frr-7.4/isisd/isis_lsp.c Examining data/frr-7.4/isisd/isis_lsp.h Examining data/frr-7.4/isisd/isis_main.c Examining data/frr-7.4/isisd/isis_memory.c Examining data/frr-7.4/isisd/isis_memory.h Examining data/frr-7.4/isisd/isis_misc.c Examining data/frr-7.4/isisd/isis_misc.h Examining data/frr-7.4/isisd/isis_mt.c Examining data/frr-7.4/isisd/isis_mt.h Examining data/frr-7.4/isisd/isis_nb.c Examining data/frr-7.4/isisd/isis_nb.h Examining data/frr-7.4/isisd/isis_nb_config.c Examining data/frr-7.4/isisd/isis_nb_notifications.c Examining data/frr-7.4/isisd/isis_nb_state.c Examining data/frr-7.4/isisd/isis_network.h Examining data/frr-7.4/isisd/isis_pdu.c Examining data/frr-7.4/isisd/isis_pdu.h Examining data/frr-7.4/isisd/isis_pdu_counter.c Examining data/frr-7.4/isisd/isis_pdu_counter.h Examining data/frr-7.4/isisd/isis_pfpacket.c Examining data/frr-7.4/isisd/isis_redist.c Examining data/frr-7.4/isisd/isis_redist.h Examining data/frr-7.4/isisd/isis_route.c Examining data/frr-7.4/isisd/isis_route.h Examining data/frr-7.4/isisd/isis_routemap.c Examining data/frr-7.4/isisd/isis_routemap.h Examining data/frr-7.4/isisd/isis_spf.c Examining data/frr-7.4/isisd/isis_spf.h Examining data/frr-7.4/isisd/isis_spf_private.h Examining data/frr-7.4/isisd/isis_sr.c Examining data/frr-7.4/isisd/isis_sr.h Examining data/frr-7.4/isisd/isis_te.c Examining data/frr-7.4/isisd/isis_te.h Examining data/frr-7.4/isisd/isis_tlvs.c Examining data/frr-7.4/isisd/isis_tlvs.h Examining data/frr-7.4/isisd/isis_tx_queue.c Examining data/frr-7.4/isisd/isis_tx_queue.h Examining data/frr-7.4/isisd/isis_vty_fabricd.c Examining data/frr-7.4/isisd/isis_zebra.c Examining data/frr-7.4/isisd/isis_zebra.h Examining data/frr-7.4/isisd/isisd.c Examining data/frr-7.4/isisd/isisd.h Examining data/frr-7.4/isisd/iso_checksum.c Examining data/frr-7.4/isisd/iso_checksum.h Examining data/frr-7.4/ldpd/accept.c Examining data/frr-7.4/ldpd/address.c Examining data/frr-7.4/ldpd/adjacency.c Examining data/frr-7.4/ldpd/control.c Examining data/frr-7.4/ldpd/control.h Examining data/frr-7.4/ldpd/hello.c Examining data/frr-7.4/ldpd/init.c Examining data/frr-7.4/ldpd/interface.c Examining data/frr-7.4/ldpd/keepalive.c Examining data/frr-7.4/ldpd/l2vpn.c Examining data/frr-7.4/ldpd/labelmapping.c Examining data/frr-7.4/ldpd/lde.c Examining data/frr-7.4/ldpd/lde.h Examining data/frr-7.4/ldpd/lde_lib.c Examining data/frr-7.4/ldpd/ldp.h Examining data/frr-7.4/ldpd/ldp_debug.c Examining data/frr-7.4/ldpd/ldp_debug.h Examining data/frr-7.4/ldpd/ldp_vty.h Examining data/frr-7.4/ldpd/ldp_vty_cmds.c Examining data/frr-7.4/ldpd/ldp_vty_conf.c Examining data/frr-7.4/ldpd/ldp_vty_exec.c Examining data/frr-7.4/ldpd/ldp_zebra.c Examining data/frr-7.4/ldpd/ldpd.c Examining data/frr-7.4/ldpd/ldpd.h Examining data/frr-7.4/ldpd/ldpe.c Examining data/frr-7.4/ldpd/ldpe.h Examining data/frr-7.4/ldpd/log.c Examining data/frr-7.4/ldpd/log.h Examining data/frr-7.4/ldpd/logmsg.c Examining data/frr-7.4/ldpd/neighbor.c Examining data/frr-7.4/ldpd/notification.c Examining data/frr-7.4/ldpd/packet.c Examining data/frr-7.4/ldpd/pfkey.c Examining data/frr-7.4/ldpd/socket.c Examining data/frr-7.4/ldpd/util.c Examining data/frr-7.4/lib/agentx.c Examining data/frr-7.4/lib/agg_table.c Examining data/frr-7.4/lib/agg_table.h Examining data/frr-7.4/lib/atomlist.c Examining data/frr-7.4/lib/atomlist.h Examining data/frr-7.4/lib/bfd.c Examining data/frr-7.4/lib/bfd.h Examining data/frr-7.4/lib/bitfield.h Examining data/frr-7.4/lib/buffer.c Examining data/frr-7.4/lib/buffer.h Examining data/frr-7.4/lib/checksum.c Examining data/frr-7.4/lib/checksum.h Examining data/frr-7.4/lib/clippy.c Examining data/frr-7.4/lib/clippy.h Examining data/frr-7.4/lib/command.c Examining data/frr-7.4/lib/command.h Examining data/frr-7.4/lib/command_graph.c Examining data/frr-7.4/lib/command_graph.h Examining data/frr-7.4/lib/command_match.c Examining data/frr-7.4/lib/command_match.h Examining data/frr-7.4/lib/command_py.c Examining data/frr-7.4/lib/compiler.h Examining data/frr-7.4/lib/csv.c Examining data/frr-7.4/lib/csv.h Examining data/frr-7.4/lib/db.c Examining data/frr-7.4/lib/db.h Examining data/frr-7.4/lib/debug.c Examining data/frr-7.4/lib/debug.h Examining data/frr-7.4/lib/defaults.c Examining data/frr-7.4/lib/defaults.h Examining data/frr-7.4/lib/distribute.c Examining data/frr-7.4/lib/distribute.h Examining data/frr-7.4/lib/ferr.c Examining data/frr-7.4/lib/ferr.h Examining data/frr-7.4/lib/filter.c Examining data/frr-7.4/lib/filter.h Examining data/frr-7.4/lib/freebsd-queue.h Examining data/frr-7.4/lib/frr_pthread.c Examining data/frr-7.4/lib/frr_pthread.h Examining data/frr-7.4/lib/frr_zmq.c Examining data/frr-7.4/lib/frr_zmq.h Examining data/frr-7.4/lib/frratomic.h Examining data/frr-7.4/lib/frrcu.c Examining data/frr-7.4/lib/frrcu.h Examining data/frr-7.4/lib/frrlua.c Examining data/frr-7.4/lib/frrlua.h Examining data/frr-7.4/lib/frrstr.c Examining data/frr-7.4/lib/frrstr.h Examining data/frr-7.4/lib/getopt.c Examining data/frr-7.4/lib/getopt.h Examining data/frr-7.4/lib/getopt1.c Examining data/frr-7.4/lib/grammar_sandbox.c Examining data/frr-7.4/lib/grammar_sandbox_main.c Examining data/frr-7.4/lib/graph.c Examining data/frr-7.4/lib/graph.h Examining data/frr-7.4/lib/hash.c Examining data/frr-7.4/lib/hash.h Examining data/frr-7.4/lib/hook.c Examining data/frr-7.4/lib/hook.h Examining data/frr-7.4/lib/iana_afi.h Examining data/frr-7.4/lib/id_alloc.c Examining data/frr-7.4/lib/id_alloc.h Examining data/frr-7.4/lib/if.c Examining data/frr-7.4/lib/if.h Examining data/frr-7.4/lib/if_rmap.c Examining data/frr-7.4/lib/if_rmap.h Examining data/frr-7.4/lib/imsg-buffer.c Examining data/frr-7.4/lib/imsg.c Examining data/frr-7.4/lib/imsg.h Examining data/frr-7.4/lib/ipaddr.h Examining data/frr-7.4/lib/jhash.c Examining data/frr-7.4/lib/jhash.h Examining data/frr-7.4/lib/json.c Examining data/frr-7.4/lib/json.h Examining data/frr-7.4/lib/keychain.c Examining data/frr-7.4/lib/keychain.h Examining data/frr-7.4/lib/lib_errors.c Examining data/frr-7.4/lib/lib_errors.h Examining data/frr-7.4/lib/lib_vty.c Examining data/frr-7.4/lib/lib_vty.h Examining data/frr-7.4/lib/libfrr.c Examining data/frr-7.4/lib/libfrr.h Examining data/frr-7.4/lib/libospf.h Examining data/frr-7.4/lib/linklist.c Examining data/frr-7.4/lib/linklist.h Examining data/frr-7.4/lib/log.c Examining data/frr-7.4/lib/log.h Examining data/frr-7.4/lib/log_filter.c Examining data/frr-7.4/lib/log_vty.c Examining data/frr-7.4/lib/log_vty.h Examining data/frr-7.4/lib/md5.c Examining data/frr-7.4/lib/md5.h Examining data/frr-7.4/lib/memory.c Examining data/frr-7.4/lib/memory.h Examining data/frr-7.4/lib/mlag.c Examining data/frr-7.4/lib/mlag.h Examining data/frr-7.4/lib/module.c Examining data/frr-7.4/lib/module.h Examining data/frr-7.4/lib/monotime.h Examining data/frr-7.4/lib/mpls.c Examining data/frr-7.4/lib/mpls.h Examining data/frr-7.4/lib/netns_linux.c Examining data/frr-7.4/lib/netns_other.c Examining data/frr-7.4/lib/network.c Examining data/frr-7.4/lib/network.h Examining data/frr-7.4/lib/nexthop.c Examining data/frr-7.4/lib/nexthop.h Examining data/frr-7.4/lib/nexthop_group.c Examining data/frr-7.4/lib/nexthop_group.h Examining data/frr-7.4/lib/nexthop_group_private.h Examining data/frr-7.4/lib/northbound.c Examining data/frr-7.4/lib/northbound.h Examining data/frr-7.4/lib/northbound_cli.c Examining data/frr-7.4/lib/northbound_cli.h Examining data/frr-7.4/lib/northbound_confd.c Examining data/frr-7.4/lib/northbound_db.c Examining data/frr-7.4/lib/northbound_db.h Examining data/frr-7.4/lib/northbound_grpc.cpp Examining data/frr-7.4/lib/northbound_sysrepo.c Examining data/frr-7.4/lib/ns.h Examining data/frr-7.4/lib/ntop.c Examining data/frr-7.4/lib/openbsd-queue.h Examining data/frr-7.4/lib/openbsd-tree.c Examining data/frr-7.4/lib/openbsd-tree.h Examining data/frr-7.4/lib/pbr.h Examining data/frr-7.4/lib/pid_output.c Examining data/frr-7.4/lib/plist.c Examining data/frr-7.4/lib/plist.h Examining data/frr-7.4/lib/plist_int.h Examining data/frr-7.4/lib/prefix.c Examining data/frr-7.4/lib/prefix.h Examining data/frr-7.4/lib/printf/glue.c Examining data/frr-7.4/lib/printf/printf-pos.c Examining data/frr-7.4/lib/printf/printfcommon.h Examining data/frr-7.4/lib/printf/printflocal.h Examining data/frr-7.4/lib/printf/vfprintf.c Examining data/frr-7.4/lib/printfrr.h Examining data/frr-7.4/lib/privs.c Examining data/frr-7.4/lib/privs.h Examining data/frr-7.4/lib/ptm_lib.c Examining data/frr-7.4/lib/ptm_lib.h Examining data/frr-7.4/lib/pullwr.c Examining data/frr-7.4/lib/pullwr.h Examining data/frr-7.4/lib/pw.h Examining data/frr-7.4/lib/qobj.c Examining data/frr-7.4/lib/qobj.h Examining data/frr-7.4/lib/queue.h Examining data/frr-7.4/lib/resolver.c Examining data/frr-7.4/lib/resolver.h Examining data/frr-7.4/lib/ringbuf.c Examining data/frr-7.4/lib/ringbuf.h Examining data/frr-7.4/lib/routemap.c Examining data/frr-7.4/lib/routemap.h Examining data/frr-7.4/lib/routemap_cli.c Examining data/frr-7.4/lib/routemap_northbound.c Examining data/frr-7.4/lib/sbuf.c Examining data/frr-7.4/lib/sbuf.h Examining data/frr-7.4/lib/seqlock.c Examining data/frr-7.4/lib/seqlock.h Examining data/frr-7.4/lib/sha256.c Examining data/frr-7.4/lib/sha256.h Examining data/frr-7.4/lib/sigevent.c Examining data/frr-7.4/lib/sigevent.h Examining data/frr-7.4/lib/skiplist.c Examining data/frr-7.4/lib/skiplist.h Examining data/frr-7.4/lib/smux.h Examining data/frr-7.4/lib/snmp.c Examining data/frr-7.4/lib/sockopt.c Examining data/frr-7.4/lib/sockopt.h Examining data/frr-7.4/lib/sockunion.c Examining data/frr-7.4/lib/sockunion.h Examining data/frr-7.4/lib/spf_backoff.c Examining data/frr-7.4/lib/spf_backoff.h Examining data/frr-7.4/lib/srcdest_table.c Examining data/frr-7.4/lib/srcdest_table.h Examining data/frr-7.4/lib/srv6.c Examining data/frr-7.4/lib/srv6.h Examining data/frr-7.4/lib/stream.c Examining data/frr-7.4/lib/stream.h Examining data/frr-7.4/lib/strlcat.c Examining data/frr-7.4/lib/strlcpy.c Examining data/frr-7.4/lib/systemd.c Examining data/frr-7.4/lib/systemd.h Examining data/frr-7.4/lib/table.c Examining data/frr-7.4/lib/table.h Examining data/frr-7.4/lib/termtable.c Examining data/frr-7.4/lib/termtable.h Examining data/frr-7.4/lib/thread.c Examining data/frr-7.4/lib/thread.h Examining data/frr-7.4/lib/typerb.c Examining data/frr-7.4/lib/typerb.h Examining data/frr-7.4/lib/typesafe.c Examining data/frr-7.4/lib/typesafe.h Examining data/frr-7.4/lib/vector.c Examining data/frr-7.4/lib/vector.h Examining data/frr-7.4/lib/vlan.h Examining data/frr-7.4/lib/vrf.c Examining data/frr-7.4/lib/vrf.h Examining data/frr-7.4/lib/vrf_int.h Examining data/frr-7.4/lib/vty.c Examining data/frr-7.4/lib/vty.h Examining data/frr-7.4/lib/vxlan.h Examining data/frr-7.4/lib/wheel.c Examining data/frr-7.4/lib/wheel.h Examining data/frr-7.4/lib/workqueue.c Examining data/frr-7.4/lib/workqueue.h Examining data/frr-7.4/lib/yang.c Examining data/frr-7.4/lib/yang.h Examining data/frr-7.4/lib/yang_translator.c Examining data/frr-7.4/lib/yang_translator.h Examining data/frr-7.4/lib/yang_wrappers.c Examining data/frr-7.4/lib/yang_wrappers.h Examining data/frr-7.4/lib/zassert.h Examining data/frr-7.4/lib/zclient.c Examining data/frr-7.4/lib/zclient.h Examining data/frr-7.4/lib/zebra.h Examining data/frr-7.4/lib/zlog.c Examining data/frr-7.4/lib/zlog.h Examining data/frr-7.4/lib/zlog_targets.c Examining data/frr-7.4/lib/zlog_targets.h Examining data/frr-7.4/nhrpd/debug.h Examining data/frr-7.4/nhrpd/linux.c Examining data/frr-7.4/nhrpd/list.h Examining data/frr-7.4/nhrpd/netlink.h Examining data/frr-7.4/nhrpd/netlink_arp.c Examining data/frr-7.4/nhrpd/netlink_gre.c Examining data/frr-7.4/nhrpd/nhrp_cache.c Examining data/frr-7.4/nhrpd/nhrp_errors.c Examining data/frr-7.4/nhrpd/nhrp_errors.h Examining data/frr-7.4/nhrpd/nhrp_event.c Examining data/frr-7.4/nhrpd/nhrp_interface.c Examining data/frr-7.4/nhrpd/nhrp_main.c Examining data/frr-7.4/nhrpd/nhrp_nhs.c Examining data/frr-7.4/nhrpd/nhrp_packet.c Examining data/frr-7.4/nhrpd/nhrp_peer.c Examining data/frr-7.4/nhrpd/nhrp_protocol.h Examining data/frr-7.4/nhrpd/nhrp_route.c Examining data/frr-7.4/nhrpd/nhrp_shortcut.c Examining data/frr-7.4/nhrpd/nhrp_vc.c Examining data/frr-7.4/nhrpd/nhrp_vty.c Examining data/frr-7.4/nhrpd/nhrpd.h Examining data/frr-7.4/nhrpd/os.h Examining data/frr-7.4/nhrpd/reqid.c Examining data/frr-7.4/nhrpd/vici.c Examining data/frr-7.4/nhrpd/vici.h Examining data/frr-7.4/nhrpd/zbuf.c Examining data/frr-7.4/nhrpd/zbuf.h Examining data/frr-7.4/nhrpd/znl.c Examining data/frr-7.4/nhrpd/znl.h Examining data/frr-7.4/ospf6d/ospf6_abr.c Examining data/frr-7.4/ospf6d/ospf6_abr.h Examining data/frr-7.4/ospf6d/ospf6_area.c Examining data/frr-7.4/ospf6d/ospf6_area.h Examining data/frr-7.4/ospf6d/ospf6_asbr.c Examining data/frr-7.4/ospf6d/ospf6_asbr.h Examining data/frr-7.4/ospf6d/ospf6_bfd.c Examining data/frr-7.4/ospf6d/ospf6_bfd.h Examining data/frr-7.4/ospf6d/ospf6_flood.c Examining data/frr-7.4/ospf6d/ospf6_flood.h Examining data/frr-7.4/ospf6d/ospf6_interface.c Examining data/frr-7.4/ospf6d/ospf6_interface.h Examining data/frr-7.4/ospf6d/ospf6_intra.c Examining data/frr-7.4/ospf6d/ospf6_intra.h Examining data/frr-7.4/ospf6d/ospf6_lsa.c Examining data/frr-7.4/ospf6d/ospf6_lsa.h Examining data/frr-7.4/ospf6d/ospf6_lsdb.c Examining data/frr-7.4/ospf6d/ospf6_lsdb.h Examining data/frr-7.4/ospf6d/ospf6_main.c Examining data/frr-7.4/ospf6d/ospf6_memory.c Examining data/frr-7.4/ospf6d/ospf6_memory.h Examining data/frr-7.4/ospf6d/ospf6_message.c Examining data/frr-7.4/ospf6d/ospf6_message.h Examining data/frr-7.4/ospf6d/ospf6_neighbor.c Examining data/frr-7.4/ospf6d/ospf6_neighbor.h Examining data/frr-7.4/ospf6d/ospf6_network.c Examining data/frr-7.4/ospf6d/ospf6_network.h Examining data/frr-7.4/ospf6d/ospf6_proto.c Examining data/frr-7.4/ospf6d/ospf6_proto.h Examining data/frr-7.4/ospf6d/ospf6_route.c Examining data/frr-7.4/ospf6d/ospf6_route.h Examining data/frr-7.4/ospf6d/ospf6_snmp.c Examining data/frr-7.4/ospf6d/ospf6_spf.c Examining data/frr-7.4/ospf6d/ospf6_spf.h Examining data/frr-7.4/ospf6d/ospf6_top.c Examining data/frr-7.4/ospf6d/ospf6_top.h Examining data/frr-7.4/ospf6d/ospf6_zebra.c Examining data/frr-7.4/ospf6d/ospf6_zebra.h Examining data/frr-7.4/ospf6d/ospf6d.c Examining data/frr-7.4/ospf6d/ospf6d.h Examining data/frr-7.4/ospfclient/ospf_apiclient.c Examining data/frr-7.4/ospfclient/ospf_apiclient.h Examining data/frr-7.4/ospfclient/ospfclient.c Examining data/frr-7.4/ospfd/ospf_abr.c Examining data/frr-7.4/ospfd/ospf_abr.h Examining data/frr-7.4/ospfd/ospf_api.c Examining data/frr-7.4/ospfd/ospf_api.h Examining data/frr-7.4/ospfd/ospf_apiserver.c Examining data/frr-7.4/ospfd/ospf_apiserver.h Examining data/frr-7.4/ospfd/ospf_asbr.c Examining data/frr-7.4/ospfd/ospf_asbr.h Examining data/frr-7.4/ospfd/ospf_ase.c Examining data/frr-7.4/ospfd/ospf_ase.h Examining data/frr-7.4/ospfd/ospf_bfd.c Examining data/frr-7.4/ospfd/ospf_bfd.h Examining data/frr-7.4/ospfd/ospf_dump.c Examining data/frr-7.4/ospfd/ospf_dump.h Examining data/frr-7.4/ospfd/ospf_dump_api.c Examining data/frr-7.4/ospfd/ospf_dump_api.h Examining data/frr-7.4/ospfd/ospf_errors.c Examining data/frr-7.4/ospfd/ospf_errors.h Examining data/frr-7.4/ospfd/ospf_ext.c Examining data/frr-7.4/ospfd/ospf_ext.h Examining data/frr-7.4/ospfd/ospf_flood.c Examining data/frr-7.4/ospfd/ospf_flood.h Examining data/frr-7.4/ospfd/ospf_ia.c Examining data/frr-7.4/ospfd/ospf_ia.h Examining data/frr-7.4/ospfd/ospf_interface.c Examining data/frr-7.4/ospfd/ospf_interface.h Examining data/frr-7.4/ospfd/ospf_ism.c Examining data/frr-7.4/ospfd/ospf_ism.h Examining data/frr-7.4/ospfd/ospf_lsa.c Examining data/frr-7.4/ospfd/ospf_lsa.h Examining data/frr-7.4/ospfd/ospf_lsdb.c Examining data/frr-7.4/ospfd/ospf_lsdb.h Examining data/frr-7.4/ospfd/ospf_main.c Examining data/frr-7.4/ospfd/ospf_memory.c Examining data/frr-7.4/ospfd/ospf_memory.h Examining data/frr-7.4/ospfd/ospf_neighbor.c Examining data/frr-7.4/ospfd/ospf_neighbor.h Examining data/frr-7.4/ospfd/ospf_network.c Examining data/frr-7.4/ospfd/ospf_network.h Examining data/frr-7.4/ospfd/ospf_nsm.c Examining data/frr-7.4/ospfd/ospf_nsm.h Examining data/frr-7.4/ospfd/ospf_opaque.c Examining data/frr-7.4/ospfd/ospf_opaque.h Examining data/frr-7.4/ospfd/ospf_packet.c Examining data/frr-7.4/ospfd/ospf_packet.h Examining data/frr-7.4/ospfd/ospf_ri.c Examining data/frr-7.4/ospfd/ospf_ri.h Examining data/frr-7.4/ospfd/ospf_route.c Examining data/frr-7.4/ospfd/ospf_route.h Examining data/frr-7.4/ospfd/ospf_routemap.c Examining data/frr-7.4/ospfd/ospf_snmp.c Examining data/frr-7.4/ospfd/ospf_spf.c Examining data/frr-7.4/ospfd/ospf_spf.h Examining data/frr-7.4/ospfd/ospf_sr.c Examining data/frr-7.4/ospfd/ospf_sr.h Examining data/frr-7.4/ospfd/ospf_te.c Examining data/frr-7.4/ospfd/ospf_te.h Examining data/frr-7.4/ospfd/ospf_vty.c Examining data/frr-7.4/ospfd/ospf_vty.h Examining data/frr-7.4/ospfd/ospf_zebra.c Examining data/frr-7.4/ospfd/ospf_zebra.h Examining data/frr-7.4/ospfd/ospfd.c Examining data/frr-7.4/ospfd/ospfd.h Examining data/frr-7.4/pbrd/pbr_debug.c Examining data/frr-7.4/pbrd/pbr_debug.h Examining data/frr-7.4/pbrd/pbr_main.c Examining data/frr-7.4/pbrd/pbr_map.c Examining data/frr-7.4/pbrd/pbr_map.h Examining data/frr-7.4/pbrd/pbr_memory.c Examining data/frr-7.4/pbrd/pbr_memory.h Examining data/frr-7.4/pbrd/pbr_nht.c Examining data/frr-7.4/pbrd/pbr_nht.h Examining data/frr-7.4/pbrd/pbr_vrf.c Examining data/frr-7.4/pbrd/pbr_vrf.h Examining data/frr-7.4/pbrd/pbr_vty.c Examining data/frr-7.4/pbrd/pbr_vty.h Examining data/frr-7.4/pbrd/pbr_zebra.c Examining data/frr-7.4/pbrd/pbr_zebra.h Examining data/frr-7.4/pimd/mtracebis.c Examining data/frr-7.4/pimd/mtracebis_netlink.c Examining data/frr-7.4/pimd/mtracebis_netlink.h Examining data/frr-7.4/pimd/mtracebis_routeget.c Examining data/frr-7.4/pimd/mtracebis_routeget.h Examining data/frr-7.4/pimd/pim_assert.c Examining data/frr-7.4/pimd/pim_assert.h Examining data/frr-7.4/pimd/pim_bfd.c Examining data/frr-7.4/pimd/pim_bfd.h Examining data/frr-7.4/pimd/pim_br.c Examining data/frr-7.4/pimd/pim_br.h Examining data/frr-7.4/pimd/pim_bsm.c Examining data/frr-7.4/pimd/pim_bsm.h Examining data/frr-7.4/pimd/pim_cmd.c Examining data/frr-7.4/pimd/pim_cmd.h Examining data/frr-7.4/pimd/pim_errors.c Examining data/frr-7.4/pimd/pim_errors.h Examining data/frr-7.4/pimd/pim_hello.c Examining data/frr-7.4/pimd/pim_hello.h Examining data/frr-7.4/pimd/pim_iface.c Examining data/frr-7.4/pimd/pim_iface.h Examining data/frr-7.4/pimd/pim_ifchannel.c Examining data/frr-7.4/pimd/pim_ifchannel.h Examining data/frr-7.4/pimd/pim_igmp.c Examining data/frr-7.4/pimd/pim_igmp.h Examining data/frr-7.4/pimd/pim_igmp_join.h Examining data/frr-7.4/pimd/pim_igmp_mtrace.c Examining data/frr-7.4/pimd/pim_igmp_mtrace.h Examining data/frr-7.4/pimd/pim_igmp_stats.c Examining data/frr-7.4/pimd/pim_igmp_stats.h Examining data/frr-7.4/pimd/pim_igmpv2.c Examining data/frr-7.4/pimd/pim_igmpv2.h Examining data/frr-7.4/pimd/pim_igmpv3.c Examining data/frr-7.4/pimd/pim_igmpv3.h Examining data/frr-7.4/pimd/pim_instance.c Examining data/frr-7.4/pimd/pim_instance.h Examining data/frr-7.4/pimd/pim_int.c Examining data/frr-7.4/pimd/pim_int.h Examining data/frr-7.4/pimd/pim_join.c Examining data/frr-7.4/pimd/pim_join.h Examining data/frr-7.4/pimd/pim_jp_agg.c Examining data/frr-7.4/pimd/pim_jp_agg.h Examining data/frr-7.4/pimd/pim_macro.c Examining data/frr-7.4/pimd/pim_macro.h Examining data/frr-7.4/pimd/pim_main.c Examining data/frr-7.4/pimd/pim_memory.c Examining data/frr-7.4/pimd/pim_memory.h Examining data/frr-7.4/pimd/pim_mlag.c Examining data/frr-7.4/pimd/pim_mlag.h Examining data/frr-7.4/pimd/pim_mroute.c Examining data/frr-7.4/pimd/pim_mroute.h Examining data/frr-7.4/pimd/pim_msdp.c Examining data/frr-7.4/pimd/pim_msdp.h Examining data/frr-7.4/pimd/pim_msdp_packet.c Examining data/frr-7.4/pimd/pim_msdp_packet.h Examining data/frr-7.4/pimd/pim_msdp_socket.c Examining data/frr-7.4/pimd/pim_msdp_socket.h Examining data/frr-7.4/pimd/pim_msg.c Examining data/frr-7.4/pimd/pim_msg.h Examining data/frr-7.4/pimd/pim_neighbor.c Examining data/frr-7.4/pimd/pim_neighbor.h Examining data/frr-7.4/pimd/pim_nht.c Examining data/frr-7.4/pimd/pim_nht.h Examining data/frr-7.4/pimd/pim_oil.c Examining data/frr-7.4/pimd/pim_oil.h Examining data/frr-7.4/pimd/pim_pim.c Examining data/frr-7.4/pimd/pim_pim.h Examining data/frr-7.4/pimd/pim_register.c Examining data/frr-7.4/pimd/pim_register.h Examining data/frr-7.4/pimd/pim_routemap.c Examining data/frr-7.4/pimd/pim_rp.c Examining data/frr-7.4/pimd/pim_rp.h Examining data/frr-7.4/pimd/pim_rpf.c Examining data/frr-7.4/pimd/pim_rpf.h Examining data/frr-7.4/pimd/pim_signals.c Examining data/frr-7.4/pimd/pim_signals.h Examining data/frr-7.4/pimd/pim_sock.c Examining data/frr-7.4/pimd/pim_sock.h Examining data/frr-7.4/pimd/pim_ssm.c Examining data/frr-7.4/pimd/pim_ssm.h Examining data/frr-7.4/pimd/pim_ssmpingd.c Examining data/frr-7.4/pimd/pim_ssmpingd.h Examining data/frr-7.4/pimd/pim_static.c Examining data/frr-7.4/pimd/pim_static.h Examining data/frr-7.4/pimd/pim_str.c Examining data/frr-7.4/pimd/pim_str.h Examining data/frr-7.4/pimd/pim_time.c Examining data/frr-7.4/pimd/pim_time.h Examining data/frr-7.4/pimd/pim_tlv.c Examining data/frr-7.4/pimd/pim_tlv.h Examining data/frr-7.4/pimd/pim_upstream.c Examining data/frr-7.4/pimd/pim_upstream.h Examining data/frr-7.4/pimd/pim_util.c Examining data/frr-7.4/pimd/pim_util.h Examining data/frr-7.4/pimd/pim_version.c Examining data/frr-7.4/pimd/pim_version.h Examining data/frr-7.4/pimd/pim_vty.c Examining data/frr-7.4/pimd/pim_vty.h Examining data/frr-7.4/pimd/pim_vxlan.c Examining data/frr-7.4/pimd/pim_vxlan.h Examining data/frr-7.4/pimd/pim_vxlan_instance.h Examining data/frr-7.4/pimd/pim_zebra.c Examining data/frr-7.4/pimd/pim_zebra.h Examining data/frr-7.4/pimd/pim_zlookup.c Examining data/frr-7.4/pimd/pim_zlookup.h Examining data/frr-7.4/pimd/pim_zpthread.c Examining data/frr-7.4/pimd/pimd.c Examining data/frr-7.4/pimd/pimd.h Examining data/frr-7.4/pimd/test_igmpv3_join.c Examining data/frr-7.4/qpb/linear_allocator.h Examining data/frr-7.4/qpb/qpb.c Examining data/frr-7.4/qpb/qpb.h Examining data/frr-7.4/qpb/qpb_allocator.c Examining data/frr-7.4/qpb/qpb_allocator.h Examining data/frr-7.4/ripd/rip_cli.c Examining data/frr-7.4/ripd/rip_debug.c Examining data/frr-7.4/ripd/rip_debug.h Examining data/frr-7.4/ripd/rip_errors.c Examining data/frr-7.4/ripd/rip_errors.h Examining data/frr-7.4/ripd/rip_interface.c Examining data/frr-7.4/ripd/rip_interface.h Examining data/frr-7.4/ripd/rip_main.c Examining data/frr-7.4/ripd/rip_nb.c Examining data/frr-7.4/ripd/rip_nb.h Examining data/frr-7.4/ripd/rip_nb_config.c Examining data/frr-7.4/ripd/rip_nb_notifications.c Examining data/frr-7.4/ripd/rip_nb_rpcs.c Examining data/frr-7.4/ripd/rip_nb_state.c Examining data/frr-7.4/ripd/rip_offset.c Examining data/frr-7.4/ripd/rip_peer.c Examining data/frr-7.4/ripd/rip_routemap.c Examining data/frr-7.4/ripd/rip_snmp.c Examining data/frr-7.4/ripd/rip_zebra.c Examining data/frr-7.4/ripd/ripd.c Examining data/frr-7.4/ripd/ripd.h Examining data/frr-7.4/ripngd/ripng_cli.c Examining data/frr-7.4/ripngd/ripng_debug.c Examining data/frr-7.4/ripngd/ripng_debug.h Examining data/frr-7.4/ripngd/ripng_interface.c Examining data/frr-7.4/ripngd/ripng_main.c Examining data/frr-7.4/ripngd/ripng_nb.c Examining data/frr-7.4/ripngd/ripng_nb.h Examining data/frr-7.4/ripngd/ripng_nb_config.c Examining data/frr-7.4/ripngd/ripng_nb_rpcs.c Examining data/frr-7.4/ripngd/ripng_nb_state.c Examining data/frr-7.4/ripngd/ripng_nexthop.c Examining data/frr-7.4/ripngd/ripng_nexthop.h Examining data/frr-7.4/ripngd/ripng_offset.c Examining data/frr-7.4/ripngd/ripng_peer.c Examining data/frr-7.4/ripngd/ripng_route.c Examining data/frr-7.4/ripngd/ripng_route.h Examining data/frr-7.4/ripngd/ripng_routemap.c Examining data/frr-7.4/ripngd/ripng_zebra.c Examining data/frr-7.4/ripngd/ripngd.c Examining data/frr-7.4/ripngd/ripngd.h Examining data/frr-7.4/sharpd/sharp_globals.h Examining data/frr-7.4/sharpd/sharp_logpump.c Examining data/frr-7.4/sharpd/sharp_main.c Examining data/frr-7.4/sharpd/sharp_nht.c Examining data/frr-7.4/sharpd/sharp_nht.h Examining data/frr-7.4/sharpd/sharp_vty.c Examining data/frr-7.4/sharpd/sharp_vty.h Examining data/frr-7.4/sharpd/sharp_zebra.c Examining data/frr-7.4/sharpd/sharp_zebra.h Examining data/frr-7.4/staticd/static_debug.c Examining data/frr-7.4/staticd/static_debug.h Examining data/frr-7.4/staticd/static_main.c Examining data/frr-7.4/staticd/static_memory.c Examining data/frr-7.4/staticd/static_memory.h Examining data/frr-7.4/staticd/static_nht.c Examining data/frr-7.4/staticd/static_nht.h Examining data/frr-7.4/staticd/static_routes.c Examining data/frr-7.4/staticd/static_routes.h Examining data/frr-7.4/staticd/static_vrf.c Examining data/frr-7.4/staticd/static_vrf.h Examining data/frr-7.4/staticd/static_vty.c Examining data/frr-7.4/staticd/static_vty.h Examining data/frr-7.4/staticd/static_zebra.c Examining data/frr-7.4/staticd/static_zebra.h Examining data/frr-7.4/tests/bgpd/test_aspath.c Examining data/frr-7.4/tests/bgpd/test_bgp_table.c Examining data/frr-7.4/tests/bgpd/test_capability.c Examining data/frr-7.4/tests/bgpd/test_ecommunity.c Examining data/frr-7.4/tests/bgpd/test_mp_attr.c Examining data/frr-7.4/tests/bgpd/test_mpath.c Examining data/frr-7.4/tests/bgpd/test_packet.c Examining data/frr-7.4/tests/bgpd/test_peer_attr.c Examining data/frr-7.4/tests/helpers/c/main.c Examining data/frr-7.4/tests/helpers/c/prng.c Examining data/frr-7.4/tests/helpers/c/prng.h Examining data/frr-7.4/tests/helpers/c/tests.h Examining data/frr-7.4/tests/isisd/test_fuzz_isis_tlv.c Examining data/frr-7.4/tests/isisd/test_isis_lspdb.c Examining data/frr-7.4/tests/isisd/test_isis_vertex_queue.c Examining data/frr-7.4/tests/lib/cli/common_cli.c Examining data/frr-7.4/tests/lib/cli/common_cli.h Examining data/frr-7.4/tests/lib/cli/test_cli.c Examining data/frr-7.4/tests/lib/cli/test_commands.c Examining data/frr-7.4/tests/lib/cxxcompat.c Examining data/frr-7.4/tests/lib/northbound/test_oper_data.c Examining data/frr-7.4/tests/lib/test_atomlist.c Examining data/frr-7.4/tests/lib/test_buffer.c Examining data/frr-7.4/tests/lib/test_checksum.c Examining data/frr-7.4/tests/lib/test_graph.c Examining data/frr-7.4/tests/lib/test_heavy.c Examining data/frr-7.4/tests/lib/test_heavy_thread.c Examining data/frr-7.4/tests/lib/test_heavy_wq.c Examining data/frr-7.4/tests/lib/test_idalloc.c Examining data/frr-7.4/tests/lib/test_memory.c Examining data/frr-7.4/tests/lib/test_nexthop_iter.c Examining data/frr-7.4/tests/lib/test_ntop.c Examining data/frr-7.4/tests/lib/test_prefix2str.c Examining data/frr-7.4/tests/lib/test_printfrr.c Examining data/frr-7.4/tests/lib/test_privs.c Examining data/frr-7.4/tests/lib/test_ringbuf.c Examining data/frr-7.4/tests/lib/test_segv.c Examining data/frr-7.4/tests/lib/test_seqlock.c Examining data/frr-7.4/tests/lib/test_sig.c Examining data/frr-7.4/tests/lib/test_srcdest_table.c Examining data/frr-7.4/tests/lib/test_stream.c Examining data/frr-7.4/tests/lib/test_table.c Examining data/frr-7.4/tests/lib/test_timer_correctness.c Examining data/frr-7.4/tests/lib/test_timer_performance.c Examining data/frr-7.4/tests/lib/test_ttable.c Examining data/frr-7.4/tests/lib/test_typelist.c Examining data/frr-7.4/tests/lib/test_typelist.h Examining data/frr-7.4/tests/lib/test_versioncmp.c Examining data/frr-7.4/tests/lib/test_zlog.c Examining data/frr-7.4/tests/lib/test_zmq.c Examining data/frr-7.4/tests/ospf6d/test_lsdb.c Examining data/frr-7.4/tools/cocci.h Examining data/frr-7.4/tools/frr-llvm-cg.c Examining data/frr-7.4/tools/gcc-plugins/format-test.c Examining data/frr-7.4/tools/gcc-plugins/frr-format.c Examining data/frr-7.4/tools/gcc-plugins/frr-format.h Examining data/frr-7.4/tools/gcc-plugins/gcc-common.h Examining data/frr-7.4/tools/gen_northbound_callbacks.c Examining data/frr-7.4/tools/gen_yang_deviations.c Examining data/frr-7.4/tools/permutations.c Examining data/frr-7.4/tools/start-stop-daemon.c Examining data/frr-7.4/vrrpd/vrrp.c Examining data/frr-7.4/vrrpd/vrrp.h Examining data/frr-7.4/vrrpd/vrrp_arp.c Examining data/frr-7.4/vrrpd/vrrp_arp.h Examining data/frr-7.4/vrrpd/vrrp_debug.c Examining data/frr-7.4/vrrpd/vrrp_debug.h Examining data/frr-7.4/vrrpd/vrrp_main.c Examining data/frr-7.4/vrrpd/vrrp_ndisc.c Examining data/frr-7.4/vrrpd/vrrp_ndisc.h Examining data/frr-7.4/vrrpd/vrrp_northbound.c Examining data/frr-7.4/vrrpd/vrrp_packet.c Examining data/frr-7.4/vrrpd/vrrp_packet.h Examining data/frr-7.4/vrrpd/vrrp_vty.c Examining data/frr-7.4/vrrpd/vrrp_vty.h Examining data/frr-7.4/vrrpd/vrrp_zebra.c Examining data/frr-7.4/vrrpd/vrrp_zebra.h Examining data/frr-7.4/vtysh/vtysh.c Examining data/frr-7.4/vtysh/vtysh.h Examining data/frr-7.4/vtysh/vtysh_config.c Examining data/frr-7.4/vtysh/vtysh_main.c Examining data/frr-7.4/vtysh/vtysh_user.c Examining data/frr-7.4/vtysh/vtysh_user.h Examining data/frr-7.4/watchfrr/watchfrr.c Examining data/frr-7.4/watchfrr/watchfrr.h Examining data/frr-7.4/watchfrr/watchfrr_errors.c Examining data/frr-7.4/watchfrr/watchfrr_errors.h Examining data/frr-7.4/watchfrr/watchfrr_vty.c Examining data/frr-7.4/yang/libyang_plugins/frr_user_types.c Examining data/frr-7.4/zebra/connected.c Examining data/frr-7.4/zebra/connected.h Examining data/frr-7.4/zebra/debug.c Examining data/frr-7.4/zebra/debug.h Examining data/frr-7.4/zebra/dplane_fpm_nl.c Examining data/frr-7.4/zebra/if_ioctl.c Examining data/frr-7.4/zebra/if_ioctl_solaris.c Examining data/frr-7.4/zebra/if_netlink.c Examining data/frr-7.4/zebra/if_netlink.h Examining data/frr-7.4/zebra/if_sysctl.c Examining data/frr-7.4/zebra/interface.c Examining data/frr-7.4/zebra/interface.h Examining data/frr-7.4/zebra/ioctl.c Examining data/frr-7.4/zebra/ioctl.h Examining data/frr-7.4/zebra/ioctl_solaris.c Examining data/frr-7.4/zebra/ioctl_solaris.h Examining data/frr-7.4/zebra/ipforward.h Examining data/frr-7.4/zebra/ipforward_proc.c Examining data/frr-7.4/zebra/ipforward_solaris.c Examining data/frr-7.4/zebra/ipforward_sysctl.c Examining data/frr-7.4/zebra/irdp.h Examining data/frr-7.4/zebra/irdp_interface.c Examining data/frr-7.4/zebra/irdp_main.c Examining data/frr-7.4/zebra/irdp_packet.c Examining data/frr-7.4/zebra/kernel_netlink.c Examining data/frr-7.4/zebra/kernel_netlink.h Examining data/frr-7.4/zebra/kernel_socket.c Examining data/frr-7.4/zebra/kernel_socket.h Examining data/frr-7.4/zebra/label_manager.c Examining data/frr-7.4/zebra/label_manager.h Examining data/frr-7.4/zebra/main.c Examining data/frr-7.4/zebra/redistribute.c Examining data/frr-7.4/zebra/redistribute.h Examining data/frr-7.4/zebra/rib.h Examining data/frr-7.4/zebra/router-id.c Examining data/frr-7.4/zebra/router-id.h Examining data/frr-7.4/zebra/rt.h Examining data/frr-7.4/zebra/rt_netlink.c Examining data/frr-7.4/zebra/rt_netlink.h Examining data/frr-7.4/zebra/rt_socket.c Examining data/frr-7.4/zebra/rtadv.c Examining data/frr-7.4/zebra/rtadv.h Examining data/frr-7.4/zebra/rtread_getmsg.c Examining data/frr-7.4/zebra/rtread_netlink.c Examining data/frr-7.4/zebra/rtread_sysctl.c Examining data/frr-7.4/zebra/rule_netlink.c Examining data/frr-7.4/zebra/rule_netlink.h Examining data/frr-7.4/zebra/rule_socket.c Examining data/frr-7.4/zebra/sample_plugin.c Examining data/frr-7.4/zebra/table_manager.c Examining data/frr-7.4/zebra/table_manager.h Examining data/frr-7.4/zebra/zapi_msg.c Examining data/frr-7.4/zebra/zapi_msg.h Examining data/frr-7.4/zebra/zebra_dplane.c Examining data/frr-7.4/zebra/zebra_dplane.h Examining data/frr-7.4/zebra/zebra_errors.c Examining data/frr-7.4/zebra/zebra_errors.h Examining data/frr-7.4/zebra/zebra_fpm.c Examining data/frr-7.4/zebra/zebra_fpm_dt.c Examining data/frr-7.4/zebra/zebra_fpm_netlink.c Examining data/frr-7.4/zebra/zebra_fpm_private.h Examining data/frr-7.4/zebra/zebra_fpm_protobuf.c Examining data/frr-7.4/zebra/zebra_gr.c Examining data/frr-7.4/zebra/zebra_l2.c Examining data/frr-7.4/zebra/zebra_l2.h Examining data/frr-7.4/zebra/zebra_memory.c Examining data/frr-7.4/zebra/zebra_memory.h Examining data/frr-7.4/zebra/zebra_mlag.c Examining data/frr-7.4/zebra/zebra_mlag.h Examining data/frr-7.4/zebra/zebra_mlag_private.c Examining data/frr-7.4/zebra/zebra_mlag_vty.c Examining data/frr-7.4/zebra/zebra_mlag_vty.h Examining data/frr-7.4/zebra/zebra_mpls.c Examining data/frr-7.4/zebra/zebra_mpls.h Examining data/frr-7.4/zebra/zebra_mpls_netlink.c Examining data/frr-7.4/zebra/zebra_mpls_null.c Examining data/frr-7.4/zebra/zebra_mpls_openbsd.c Examining data/frr-7.4/zebra/zebra_mpls_vty.c Examining data/frr-7.4/zebra/zebra_mroute.c Examining data/frr-7.4/zebra/zebra_mroute.h Examining data/frr-7.4/zebra/zebra_nb.c Examining data/frr-7.4/zebra/zebra_nb.h Examining data/frr-7.4/zebra/zebra_nb_config.c Examining data/frr-7.4/zebra/zebra_nb_rpcs.c Examining data/frr-7.4/zebra/zebra_nb_state.c Examining data/frr-7.4/zebra/zebra_netns_id.c Examining data/frr-7.4/zebra/zebra_netns_id.h Examining data/frr-7.4/zebra/zebra_netns_notify.c Examining data/frr-7.4/zebra/zebra_netns_notify.h Examining data/frr-7.4/zebra/zebra_nhg.c Examining data/frr-7.4/zebra/zebra_nhg.h Examining data/frr-7.4/zebra/zebra_nhg_private.h Examining data/frr-7.4/zebra/zebra_ns.c Examining data/frr-7.4/zebra/zebra_ns.h Examining data/frr-7.4/zebra/zebra_pbr.c Examining data/frr-7.4/zebra/zebra_pbr.h Examining data/frr-7.4/zebra/zebra_ptm.c Examining data/frr-7.4/zebra/zebra_ptm.h Examining data/frr-7.4/zebra/zebra_ptm_redistribute.c Examining data/frr-7.4/zebra/zebra_ptm_redistribute.h Examining data/frr-7.4/zebra/zebra_pw.c Examining data/frr-7.4/zebra/zebra_pw.h Examining data/frr-7.4/zebra/zebra_rib.c Examining data/frr-7.4/zebra/zebra_rnh.c Examining data/frr-7.4/zebra/zebra_rnh.h Examining data/frr-7.4/zebra/zebra_routemap.c Examining data/frr-7.4/zebra/zebra_routemap.h Examining data/frr-7.4/zebra/zebra_router.c Examining data/frr-7.4/zebra/zebra_router.h Examining data/frr-7.4/zebra/zebra_snmp.c Examining data/frr-7.4/zebra/zebra_vrf.c Examining data/frr-7.4/zebra/zebra_vrf.h Examining data/frr-7.4/zebra/zebra_vty.c Examining data/frr-7.4/zebra/zebra_vxlan.c Examining data/frr-7.4/zebra/zebra_vxlan.h Examining data/frr-7.4/zebra/zebra_vxlan_private.h Examining data/frr-7.4/zebra/zserv.c Examining data/frr-7.4/zebra/zserv.h FINAL RESULTS: data/frr-7.4/ldpd/control.c:72:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP) == -1) { data/frr-7.4/lib/libfrr.c:622:6: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(path, ids.uid_normal, ids.gid_normal)) data/frr-7.4/lib/vty.c:1995:7: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(path, -1, ids.gid_vty)) { data/frr-7.4/lib/zlog.c:654:2: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown(TMPBASEDIR, zlog_uid, zlog_gid); data/frr-7.4/lib/zlog.c:678:2: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown(zlog_tmpdir, zlog_uid, zlog_gid); data/frr-7.4/bfdd/bfd_packet.c:525:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, vl); data/frr-7.4/bfdd/bfdd.c:194:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ctl_path, sizeof(ctl_path), BFDD_CONTROL_SOCKET, data/frr-7.4/bfdd/bfdd.c:214:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ctl_path, sizeof(ctl_path), BFDD_CONTROL_SOCKET, data/frr-7.4/bfdd/ptm_adapter.c:123:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(msgbuf, sizeof(msgbuf), fmt, vl); data/frr-7.4/bgpd/bgp_flowspec_vty.c:76:19: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _len_written = snprintf((ptr), (remaining_len), \ data/frr-7.4/bgpd/bgp_flowspec_vty.c:82:19: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. _len_written = snprintf((ptr), (remaining_len), \ data/frr-7.4/bgpd/bgp_pbr.c:177:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "%s", prepend); data/frr-7.4/bgpd/bgp_pbr.c:1302:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "@src %s", prefix2str(p, buff, 64)); data/frr-7.4/bgpd/bgp_pbr.c:1309:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "@dst %s", prefix2str(p, buff, 64)); data/frr-7.4/bgpd/bgp_pbr.c:1406:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, data/frr-7.4/bgpd/bgp_pbr.c:1414:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "@redirect vrf %s(%u)", data/frr-7.4/bgpd/bgp_rd.c:177:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, size, "%u:%" PRIu32, rd_as.as, rd_as.val); data/frr-7.4/bgpd/bgp_rd.c:181:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, size, "%u:%" PRIu32, rd_as.as, rd_as.val); data/frr-7.4/bgpd/bgp_rd.c:185:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, size, "%s:%" PRIu16, inet_ntoa(rd_ip.ip), data/frr-7.4/bgpd/bgp_route.c:510:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "path %s (addpath rxid %d)", pi->peer->host, data/frr-7.4/bgpd/bgp_route.c:513:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "path %s", pi->peer->host); data/frr-7.4/bgpd/bgp_routemap.c:2798:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(arg, "%s %s", as, address) != 2) { data/frr-7.4/bgpd/bgp_routemap.c:4345:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(argstr, "%s exact-match", argv[idx_comm_list]->arg); data/frr-7.4/bgpd/bgp_routemap.c:4392:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(argstr, "%s exact-match", argv[idx_lcomm_list]->arg); data/frr-7.4/bgpd/bgp_routemap.c:5282:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(argstr, "%s %s", argv[idx_number]->arg, argv[idx_ipv4]->arg); data/frr-7.4/bgpd/bgp_routemap.c:5323:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(argstr, "%s %s", argv[idx_asn]->arg, argv[idx_ip]->arg); data/frr-7.4/bgpd/bgpd.c:5779:56: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void peer_distribute_update(struct access_list *access) data/frr-7.4/bgpd/rfapi/rfapi_vty.c:343:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(file, format, args); data/frr-7.4/eigrpd/eigrp_cli.c:736:55: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. nb_cli_enqueue_change(vty, xpath_auth, NB_OP_MODIFY, crypt); data/frr-7.4/eigrpd/eigrp_cli.c:774:19: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. eif->eigrp->AS, crypt); data/frr-7.4/eigrpd/eigrp_hello.c:422:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. ret = sscanf(ver_string, "%" SCNu32 ".%" SCNu32, &FRR_MAJOR, data/frr-7.4/isisd/isis_lsp.c:621:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dest, "%s.%02x-%02x", id, LSP_PSEUDO_ID(lsp_id), data/frr-7.4/isisd/isis_lsp.c:624:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dest, "%s.%02x", id, LSP_PSEUDO_ID(lsp_id)); data/frr-7.4/isisd/isis_misc.c:193:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), "%" PRIu8, nlpid); data/frr-7.4/isisd/isis_misc.c:209:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. pos += sprintf(pos, "%s", nlpid2str(nlpids->nlpids[i])); data/frr-7.4/isisd/isis_mt.c:75:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), "%" PRIu16, mtid); data/frr-7.4/isisd/isis_tlvs.c:2834:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(obuf + 2 * j, sizeof(obuf) - 2 * j, data/frr-7.4/ldpd/ldp_zebra.c:47:58: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void ldp_zebra_filter_update(struct access_list *access); data/frr-7.4/ldpd/ldp_zebra.c:530:45: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ldp_zebra_filter_update(struct access_list *access) data/frr-7.4/ldpd/ldp_zebra.c:534:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access && access->name[0] != '\0') { data/frr-7.4/ldpd/ldpd.c:227:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ctl_sock_path, sizeof(ctl_sock_path), LDPD_SOCKET, data/frr-7.4/ldpd/ldpd.c:289:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ctl_sock_path, sizeof(ctl_sock_path), LDPD_SOCKET, data/frr-7.4/ldpd/ldpd.c:543:2: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv0, argv); data/frr-7.4/ldpd/log.c:47:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, ap); data/frr-7.4/ldpd/log.c:52:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, ap); data/frr-7.4/ldpd/log.h:27:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 2, 3))); data/frr-7.4/ldpd/log.h:29:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 2, 0))); data/frr-7.4/ldpd/log.h:31:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/frr-7.4/ldpd/log.h:33:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/frr-7.4/ldpd/log.h:35:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/frr-7.4/ldpd/log.h:37:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/frr-7.4/ldpd/log.h:39:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 2))); data/frr-7.4/ldpd/log.h:42:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 0))); data/frr-7.4/ldpd/log.h:45:30: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((__format__ (printf, 1, 0))); data/frr-7.4/lib/clippy.c:112:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, args); data/frr-7.4/lib/command.c:366:8: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. char *crypt(const char *, const char *); data/frr-7.4/lib/command.c:374:9: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. return crypt(passwd, salt); data/frr-7.4/lib/command_match.c:40:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/frr-7.4/lib/compiler.h:318:46: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define PRINTFRR(a, b) __attribute__((format(printf, a, b))) data/frr-7.4/lib/csv.c:43:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, \ data/frr-7.4/lib/csv.c:50:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, \ data/frr-7.4/lib/csv.c:384:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. offset += sprintf(&msgbuf[offset], "%s", rec->record); data/frr-7.4/lib/db.c:56:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(path, sizeof(path), path_fmt, ap); data/frr-7.4/lib/db.c:315:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(stmt, sizeof(stmt), stmt_fmt, ap); data/frr-7.4/lib/ferr.c:133:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(key, sizeof(key), "%"PRIu32, ref->code); data/frr-7.4/lib/ferr.c:251:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(error->message, sizeof(error->message), text, va); data/frr-7.4/lib/ferr.c:286:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(tmpmsg, sizeof(tmpmsg), msg, va); data/frr-7.4/lib/filter.c:207:50: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void access_list_free(struct access_list *access) data/frr-7.4/lib/filter.c:209:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. XFREE(MTYPE_ACCESS_LIST, access); data/frr-7.4/lib/filter.c:213:52: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void access_list_delete(struct access_list *access) data/frr-7.4/lib/filter.c:246:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_free(access); data/frr-7.4/lib/filter.c:255:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:302:31: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. alist->head = alist->tail = access; data/frr-7.4/lib/filter.c:303:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/frr-7.4/lib/filter.c:309:23: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. alist->tail->next = access; data/frr-7.4/lib/filter.c:310:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. alist->tail = access; data/frr-7.4/lib/filter.c:311:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/frr-7.4/lib/filter.c:317:23: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. alist->head->prev = access; data/frr-7.4/lib/filter.c:318:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. alist->head = access; data/frr-7.4/lib/filter.c:319:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/frr-7.4/lib/filter.c:327:23: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. point->prev->next = access; data/frr-7.4/lib/filter.c:328:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. point->prev = access; data/frr-7.4/lib/filter.c:330:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/frr-7.4/lib/filter.c:336:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:346:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->num.head; access; access = access->next) data/frr-7.4/lib/filter.c:348:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/frr-7.4/lib/filter.c:350:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->str.head; access; access = access->next) data/frr-7.4/lib/filter.c:352:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/frr-7.4/lib/filter.c:361:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:366:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/frr-7.4/lib/filter.c:370:56: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. enum filter_type access_list_apply(struct access_list *access, data/frr-7.4/lib/filter.c:393:60: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. void access_list_add_hook(void (*func)(struct access_list *access)) data/frr-7.4/lib/filter.c:401:63: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. void access_list_delete_hook(void (*func)(struct access_list *access)) data/frr-7.4/lib/filter.c:409:55: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static int64_t filter_new_seq_get(struct access_list *access) data/frr-7.4/lib/filter.c:428:60: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static struct filter *filter_seq_check(struct access_list *access, data/frr-7.4/lib/filter.c:440:51: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static bool access_list_empty(struct access_list *access) data/frr-7.4/lib/filter.c:450:59: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void access_list_filter_delete(struct access_list *access, data/frr-7.4/lib/filter.c:473:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (*master->delete_hook)(access); data/frr-7.4/lib/filter.c:476:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access_list_empty(access) && !replace) data/frr-7.4/lib/filter.c:477:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:481:56: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void access_list_filter_add(struct access_list *access, data/frr-7.4/lib/filter.c:489:36: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. filter->seq = filter_new_seq_get(access); data/frr-7.4/lib/filter.c:495:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. replace = filter_seq_check(access, filter->seq); data/frr-7.4/lib/filter.c:497:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_filter_delete(access, replace); data/frr-7.4/lib/filter.c:528:31: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (*access->master->add_hook)(access); data/frr-7.4/lib/filter.c:544:63: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static struct filter *filter_lookup_cisco(struct access_list *access, data/frr-7.4/lib/filter.c:576:63: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static struct filter *filter_lookup_zebra(struct access_list *access, data/frr-7.4/lib/filter.c:600:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:603:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access) { data/frr-7.4/lib/filter.c:611:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:626:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:692:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (filter_lookup_cisco(access, mfilter)) data/frr-7.4/lib/filter.c:695:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_filter_add(access, mfilter); data/frr-7.4/lib/filter.c:699:39: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. delete_filter = filter_lookup_cisco(access, mfilter); data/frr-7.4/lib/filter.c:701:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_filter_delete(access, delete_filter); data/frr-7.4/lib/filter.c:1800:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:1865:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (filter_lookup_zebra(access, mfilter)) data/frr-7.4/lib/filter.c:1868:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_filter_add(access, mfilter); data/frr-7.4/lib/filter.c:1871:39: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. delete_filter = filter_lookup_zebra(access, mfilter); data/frr-7.4/lib/filter.c:1873:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_filter_delete(access, delete_filter); data/frr-7.4/lib/filter.c:2175:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2191:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (*master->delete_hook)(access); data/frr-7.4/lib/filter.c:2194:21: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:2213:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2421:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2437:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (*master->delete_hook)(access); data/frr-7.4/lib/filter.c:2440:21: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:2456:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2502:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2515:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->num.head; access; access = access->next) { data/frr-7.4/lib/filter.c:2564:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->str.head; access; access = access->next) { data/frr-7.4/lib/filter.c:2752:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2761:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->num.head; access; access = access->next) { data/frr-7.4/lib/filter.c:2788:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->str.head; access; access = access->next) { data/frr-7.4/lib/filter.c:2832:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2840:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->num.head; access; access = next) { data/frr-7.4/lib/filter.c:2842:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:2844:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->str.head; access; access = next) { data/frr-7.4/lib/filter.c:2846:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:2887:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2895:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->num.head; access; access = next) { data/frr-7.4/lib/filter.c:2897:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:2899:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->str.head; access; access = next) { data/frr-7.4/lib/filter.c:2901:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:2976:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access_list *access; data/frr-7.4/lib/filter.c:2984:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->num.head; access; access = next) { data/frr-7.4/lib/filter.c:2986:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.c:2988:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. for (access = master->str.head; access; access = next) { data/frr-7.4/lib/filter.c:2990:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access_list_delete(access); data/frr-7.4/lib/filter.h:66:63: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. extern enum filter_type access_list_apply(struct access_list *access, data/frr-7.4/lib/grammar_sandbox.c:320:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(appendp, "%s ", tok->text); data/frr-7.4/lib/libfrr.c:294:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(frr_vtydir, sizeof(frr_vtydir), DAEMON_VTY_DIR, "", ""); data/frr-7.4/lib/libfrr.c:324:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(frr_zclientpath, sizeof(frr_zclientpath), data/frr-7.4/lib/libfrr.c:452:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(frr_zclientpath, sizeof(frr_zclientpath), data/frr-7.4/lib/libfrr.c:454:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(frr_vtydir, sizeof(frr_vtydir), DAEMON_VTY_DIR, "/", data/frr-7.4/lib/northbound_cli.c:100:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath_base, sizeof(xpath_base), xpath_base_fmt, ap); data/frr-7.4/lib/northbound_cli.c:613:7: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fp = popen(command, "r"); data/frr-7.4/lib/prefix.c:1175:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prefix_str, "%s/%d", net_str, prefixlen); data/frr-7.4/lib/printf/vfprintf.c:480:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), fmt, prec, arg); data/frr-7.4/lib/printf/vfprintf.c:487:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), fmt, prec, arg); data/frr-7.4/lib/ptm_lib.c:43:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, \ data/frr-7.4/lib/ptm_lib.c:50:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, "%s:%d:%s(): " fmt, __FILE__, \ data/frr-7.4/lib/termtable.c:444:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. pos += sprintf(&buf[pos], fmt, abspad, row[j].text); data/frr-7.4/lib/vty.c:424:8: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. char *crypt(const char *, const char *); data/frr-7.4/lib/vty.c:448:18: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. fail = strcmp(crypt(buf, passwd), passwd); data/frr-7.4/lib/vty.c:510:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(prompt_str, sizeof(prompt_str), cmd_prompt(vty->node), data/frr-7.4/lib/vty.c:2440:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmp, "%s/%s", cwd, config_file); data/frr-7.4/lib/yang.c:385:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang.c:409:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang.c:440:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang.c:463:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang.c:590:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang.c:640:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(yang_models_path, R_OK | X_OK)) { data/frr-7.4/lib/yang_translator.c:335:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. n = sscanf(xpath, mapping->xpath_from_fmt, keys[0], keys[1], keys[2], data/frr-7.4/lib/yang_translator.c:344:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(xpath, xpath_len, mapping->xpath_to_fmt, keys[0], keys[1], data/frr-7.4/lib/yang_wrappers.c:82:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:100:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:144:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:163:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:256:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:274:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:308:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:326:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:360:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:378:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:412:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:430:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:464:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:482:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:516:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:534:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:568:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:586:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:620:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:638:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:672:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:690:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:718:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:740:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:763:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:777:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:824:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:848:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:883:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:901:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:940:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:958:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:993:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:1011:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:1050:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:1068:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:1103:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/yang_wrappers.c:1121:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(xpath, sizeof(xpath), xpath_fmt, ap); data/frr-7.4/lib/zebra.h:134:15: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. # define crypt DES_crypt data/frr-7.4/nhrpd/nhrp_event.c:66:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(buf, "eventid=%" SCNu32, &eventid) != 1) data/frr-7.4/ospf6d/ospf6_intra.c:86:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s/%s", buf2, buf1); data/frr-7.4/ospfd/ospf_dump.c:528:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. zlog_debug(" Key ID %d", ospfh->u.crypt.key_id); data/frr-7.4/ospfd/ospf_dump.c:529:45: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. zlog_debug(" Auth Data Len %d", ospfh->u.crypt.auth_data_len); data/frr-7.4/ospfd/ospf_dump.c:531:37: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. (unsigned long)ntohl(ospfh->u.crypt.crypt_seqnum)); data/frr-7.4/ospfd/ospf_interface.c:1184:38: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. void ospf_crypt_key_add(struct list *crypt, struct crypt_key *ck) data/frr-7.4/ospfd/ospf_interface.c:1186:15: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. listnode_add(crypt, ck); data/frr-7.4/ospfd/ospf_neighbor.c:448:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum; data/frr-7.4/ospfd/ospf_packet.c:321:17: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.key_id); data/frr-7.4/ospfd/ospf_packet.c:324:28: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. IF_NAME(oi), ospfh->u.crypt.key_id); data/frr-7.4/ospfd/ospf_packet.c:332:51: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. && ntohl(nbr->crypt_seqnum) > ntohl(ospfh->u.crypt.crypt_seqnum)) { data/frr-7.4/ospfd/ospf_packet.c:336:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. IF_NAME(oi), ntohl(ospfh->u.crypt.crypt_seqnum), data/frr-7.4/ospfd/ospf_packet.c:368:32: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. nbr->crypt_seqnum = ospfh->u.crypt.crypt_seqnum; data/frr-7.4/ospfd/ospf_packet.c:406:11: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.crypt_seqnum = htonl(oi->crypt_seqnum); data/frr-7.4/ospfd/ospf_packet.c:2552:19: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. || ospfh->u.crypt.key_id != ck->key_id || data/frr-7.4/ospfd/ospf_packet.c:2822:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. if (oh->u.crypt.auth_data_len != OSPF_AUTH_MD5_SIZE) { data/frr-7.4/ospfd/ospf_packet.c:2826:22: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. __func__, oh->u.crypt.auth_data_len); data/frr-7.4/ospfd/ospf_packet.c:3269:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.zero = 0; data/frr-7.4/ospfd/ospf_packet.c:3270:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.key_id = 0; data/frr-7.4/ospfd/ospf_packet.c:3271:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE; data/frr-7.4/ospfd/ospf_packet.c:3275:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.zero = 0; data/frr-7.4/ospfd/ospf_packet.c:3276:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.key_id = ck->key_id; data/frr-7.4/ospfd/ospf_packet.c:3277:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. ospfh->u.crypt.auth_data_len = OSPF_AUTH_MD5_SIZE; data/frr-7.4/ospfd/ospf_packet.c:4359:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = system(ping_nbr); data/frr-7.4/ospfd/ospf_packet.h:93:5: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. } crypt; data/frr-7.4/ospfd/ospf_ri.c:1760:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(argv[idx_number]->arg, "%" SCNu32, &as) != 1) { data/frr-7.4/ospfd/ospf_ri.c:1794:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(argv[idx_number]->arg, "%" SCNu32, &as) != 1) { data/frr-7.4/ospfd/ospf_ri.c:1827:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(argv[idx_number]->arg, "%" SCNu32, &as) != 1) { data/frr-7.4/ospfd/ospf_ri.c:1862:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(argv[idx_number]->arg, "%" SCNu32, &as) != 1) { data/frr-7.4/ospfd/ospf_zebra.c:1032:52: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. static void ospf_filter_update(struct access_list *access) data/frr-7.4/pimd/pim_iface.c:1642:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(ifp->name, "pimreg%" SCNu32, &table_id) == 1) { data/frr-7.4/tests/bgpd/test_aspath.c:1134:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(OK "\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1136:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED "\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1190:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(OK "\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1192:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED "!\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1214:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(OK "\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1216:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED "!\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1239:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(OK "\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1241:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED "!\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1277:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(FAILED "\n"); data/frr-7.4/tests/bgpd/test_aspath.c:1287:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(OK "\n"); data/frr-7.4/tests/bgpd/test_peer_attr.c:224:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(buf, buf_size, fmt, apc); data/frr-7.4/tests/lib/test_printfrr.c:39:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, ap); data/frr-7.4/tools/permutations.c:39:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, USAGE "\n"); data/frr-7.4/tools/start-stop-daemon.c:137:34: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((noreturn, format(printf, 1, 2))); data/frr-7.4/tools/start-stop-daemon.c:188:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, arglist); data/frr-7.4/tools/start-stop-daemon.c:1064:2: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(startas, argv); data/frr-7.4/vrrpd/vrrp.c:2383:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(key, sizeof(key), "%s@%" PRIu8, vr->ifp->name, vr->vrid); data/frr-7.4/vrrpd/vrrp_northbound.c:106:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(args->keys->key[0], sizeof(args->keys->key[0]), "%" PRIu32, data/frr-7.4/vrrpd/vrrp_packet.c:207:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(errmsg, errmsg_len, (_f), \ data/frr-7.4/vtysh/vtysh.c:79:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. vty->of = popen(vtysh_pager_name, "w"); data/frr-7.4/vtysh/vtysh.c:3182:4: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(command, command, (const char *)NULL); data/frr-7.4/vtysh/vtysh.c:3185:4: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(command, command, arg1, (const char *)NULL); data/frr-7.4/vtysh/vtysh.c:3188:4: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execlp(command, command, arg1, arg2, data/frr-7.4/vtysh/vtysh.c:3692:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), cmd_prompt(vty->node), cmd_hostname_get()); data/frr-7.4/watchfrr/watchfrr.c:315:4: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv("/bin/sh", argv); data/frr-7.4/watchfrr/watchfrr.c:490:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(cmd, sizeof(cmd), command, restart->name); data/frr-7.4/watchfrr/watchfrr.c:802:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(addr.sun_path, W_OK) < 0) { data/frr-7.4/watchfrr/watchfrr_vty.c:108:2: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(VTYSH_BIN_PATH, "vtysh", "-w", NULL); data/frr-7.4/zebra/zebra_rib.c:124:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(msgbuf, sizeof(msgbuf), msgfmt, ap); data/frr-7.4/babeld/babel_main.c:247:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(seed); data/frr-7.4/bgpd/bgp_dump.c:111:7: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. char realpath[MAXPATHLEN]; data/frr-7.4/bgpd/bgp_dump.c:120:18: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. ret = strftime(realpath, MAXPATHLEN, fullpath, &tm); data/frr-7.4/bgpd/bgp_dump.c:122:18: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. ret = strftime(realpath, MAXPATHLEN, bgp_dump->filename, &tm); data/frr-7.4/bgpd/bgp_dump.c:134:23: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. bgp_dump->fp = fopen(realpath, "w"); data/frr-7.4/bgpd/bgp_dump.c:137:56: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. flog_warn(EC_BGP_DUMP, "bgp_dump_open_file: %s: %s", realpath, data/frr-7.4/isisd/isis_dlpi.c:310:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("DLPI_DEVONLY") == NULL) { data/frr-7.4/lib/command.c:2067:10: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. rpath = realpath(file, p); data/frr-7.4/lib/getopt.c:208:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #ifndef getenv data/frr-7.4/lib/getopt.c:209:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv(); data/frr-7.4/lib/getopt.c:389:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. posixly_correct = getenv("POSIXLY_CORRECT"); data/frr-7.4/lib/getopt.c:947:5: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int getopt(argc, argv, optstring) int argc; data/frr-7.4/lib/getopt.c:973:7: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt(argc, argv, "abc:d:0123456789"); data/frr-7.4/lib/getopt.h:122:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt(int argc, char *const *argv, const char *shortopts); data/frr-7.4/lib/getopt.h:124:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt(void); data/frr-7.4/lib/getopt.h:130:12: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt_long(int argc, char *const *argv, const char *shortopts, data/frr-7.4/lib/getopt.h:142:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt(); data/frr-7.4/lib/getopt.h:145:12: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt_long(); data/frr-7.4/lib/getopt1.c:65:5: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. int getopt_long(argc, argv, options, long_options, opt_index) int argc; data/frr-7.4/lib/getopt1.c:112:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "abc:d:0123456789", long_options, data/frr-7.4/lib/libfrr.c:570:9: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. opt = getopt_long(argc, argv, comb_optstr, comb_lo, &lidx); data/frr-7.4/lib/libfrr.c:638:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/frr-7.4/lib/netns_linux.c:429:12: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. result = realpath(name, pathname); data/frr-7.4/lib/netns_linux.c:435:12: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. result = realpath(tmp_name, pathname); data/frr-7.4/lib/network.c:140:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return random(); data/frr-7.4/lib/systemd.c:74:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. watchdog = getenv("WATCHDOG_USEC"); data/frr-7.4/pimd/mtracebis.c:427:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "vh", long_options, &option_index); data/frr-7.4/tests/helpers/c/main.c:115:9: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. opt = getopt_long(argc, argv, "dhf:A:P:v", longopts, 0); data/frr-7.4/tests/lib/cli/test_commands.c:367:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "e:n:v")) != -1) { data/frr-7.4/tests/lib/test_checksum.c:471:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/frr-7.4/tests/lib/test_privs.c:84:9: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. opt = getopt_long(argc, argv, "hu:g:", longopts, 0); data/frr-7.4/tests/lib/test_typelist.c:151:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(1); data/frr-7.4/tools/frr-llvm-cg.c:536:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "hvqo:")) != -1) { data/frr-7.4/tools/gen_northbound_callbacks.c:320:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "hp:s")) != -1) { data/frr-7.4/tools/gen_yang_deviations.c:53:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "h")) != -1) { data/frr-7.4/tools/start-stop-daemon.c:497:7: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, data/frr-7.4/tools/start-stop-daemon.c:1000:7: [3] (misc) chroot: chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22). Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root. if (chroot(changeroot) < 0) data/frr-7.4/vtysh/vtysh.c:112:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pager_defined = getenv("VTYSH_PAGER"); data/frr-7.4/vtysh/vtysh_main.c:233:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *user = getenv("USER"); data/frr-7.4/vtysh/vtysh_main.c:343:9: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. opt = getopt_long(argc, argv, "be:c:d:nf:mEhCwN:u", data/frr-7.4/vtysh/vtysh_main.c:591:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("VTYSH_LOG")) { data/frr-7.4/vtysh/vtysh_main.c:592:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *logpath = getenv("VTYSH_LOG"); data/frr-7.4/vtysh/vtysh_user.c:213:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((homedir = getenv("HOME")) != NULL) data/frr-7.4/zebra/irdp_interface.c:270:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(seed); data/frr-7.4/babeld/babel_interface.c:149:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(babel_ifp->ipv4, &prefix->u.prefix4, 4); data/frr-7.4/babeld/babel_interface.c:700:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq.ipv6mr_multiaddr, protocol_group, 16); data/frr-7.4/babeld/babel_interface.c:765:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq.ipv6mr_multiaddr, protocol_group, 16); data/frr-7.4/babeld/babel_interface.c:966:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channels[100]; data/frr-7.4/babeld/babel_interface.c:1111:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN + 8]; data/frr-7.4/babeld/babel_interface.c:1168:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/babeld/babel_interface.c:1169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN + 8]; data/frr-7.4/babeld/babel_interface.h:53:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffered_id[8]; data/frr-7.4/babeld/babel_interface.h:54:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffered_nh[4]; data/frr-7.4/babeld/babel_interface.h:55:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffered_prefix[16]; data/frr-7.4/babeld/babel_interface.h:107:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id[8]; data/frr-7.4/babeld/babel_interface.h:108:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16]; data/frr-7.4/babeld/babel_interface.h:110:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[3]; data/frr-7.4/babeld/babel_main.c:61:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char myid[8]; /* unique id (mac address of an interface) */ data/frr-7.4/babeld/babel_main.c:66:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char zeroes[16] = {0}; data/frr-7.4/babeld/babel_main.c:67:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char ones[16] = data/frr-7.4/babeld/babel_main.c:71:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char state_file[1024]; data/frr-7.4/babeld/babel_main.c:73:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char protocol_group[16]; /* babel's link-local multicast address */ data/frr-7.4/babeld/babel_main.c:260:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd_null = open("/dev/null", O_RDONLY); data/frr-7.4/babeld/babel_main.c:286:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(state_file, O_RDONLY); data/frr-7.4/babeld/babel_main.c:298:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/babeld/babel_main.c:299:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[100]; data/frr-7.4/babeld/babel_main.c:310:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sid[8]; data/frr-7.4/babeld/babel_main.c:367:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(state_file, O_WRONLY | O_TRUNC | O_CREAT, 0644); data/frr-7.4/babeld/babel_main.c:374:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/babeld/babel_main.h:33:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char myid[8]; data/frr-7.4/babeld/babel_main.h:35:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const unsigned char zeroes[16], ones[16]; data/frr-7.4/babeld/babel_main.h:38:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char protocol_group[16]; data/frr-7.4/babeld/babeld.c:244:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char eui[8]; data/frr-7.4/babeld/babeld.c:248:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(myid, eui, 8); data/frr-7.4/babeld/babeld.c:256:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[IF_NAMESIZE], *ifname; data/frr-7.4/babeld/babeld.c:257:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char eui[8]; data/frr-7.4/babeld/babeld.c:264:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(myid, eui, 8); data/frr-7.4/babeld/babeld.c:423:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[200]; data/frr-7.4/babeld/kernel.c:215:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eui, tmp, 8); data/frr-7.4/babeld/kernel.c:218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eui, tmp, 3); data/frr-7.4/babeld/kernel.c:221:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eui+5, tmp+3, 3); data/frr-7.4/babeld/kernel.c:245:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/urandom", O_RDONLY); data/frr-7.4/babeld/message.c:40:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char packet_header[4] = {42, 2}; data/frr-7.4/babeld/message.c:53:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char tlv_min_length[MESSAGE_MAX + 1] = data/frr-7.4/babeld/message.c:76:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16]; data/frr-7.4/babeld/message.c:98:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prefix, v4prefix, 12); data/frr-7.4/babeld/message.c:101:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prefix, dp, 12 + omitted); data/frr-7.4/babeld/message.c:103:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if(pb > omitted) memcpy(prefix + 12 + omitted, p, pb - omitted); data/frr-7.4/babeld/message.c:110:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prefix, dp, omitted); data/frr-7.4/babeld/message.c:112:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if(pb > omitted) memcpy(prefix + omitted, p, pb - omitted); data/frr-7.4/babeld/message.c:119:20: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if(pb > 8) memcpy(prefix + 8, p, pb - 8); data/frr-7.4/babeld/message.c:168:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(channels, a + i + 2, len); data/frr-7.4/babeld/message.c:335:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char router_id[8], v4_prefix[16], v6_prefix[16], data/frr-7.4/babeld/message.c:425:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char address[16]; data/frr-7.4/babeld/message.c:450:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(router_id, message + 4, 8); data/frr-7.4/babeld/message.c:455:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nh[16]; data/frr-7.4/babeld/message.c:468:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v4_nh, nh, 16); data/frr-7.4/babeld/message.c:471:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v6_nh, nh, 16); data/frr-7.4/babeld/message.c:475:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16], *nh; data/frr-7.4/babeld/message.c:477:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char channels[DIVERSITY_HOPS]; data/frr-7.4/babeld/message.c:502:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v4_prefix, prefix, 16); data/frr-7.4/babeld/message.c:505:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v6_prefix, prefix, 16); data/frr-7.4/babeld/message.c:512:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(router_id + 4, prefix + 12, 4); data/frr-7.4/babeld/message.c:514:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(router_id, prefix + 8, 8); data/frr-7.4/babeld/message.c:574:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16], plen; data/frr-7.4/babeld/message.c:600:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16], plen; data/frr-7.4/babeld/message.c:738:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sin6.sin6_addr, protocol_group, 16); data/frr-7.4/babeld/message.c:857:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(babel_ifp->sendbuf + babel_ifp->buffered, value, len); data/frr-7.4/babeld/message.c:918:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unicast_buffer + unicast_buffered, value, len); data/frr-7.4/babeld/message.c:1000:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sin6.sin6_addr, unicast_neighbour->address, 16); data/frr-7.4/babeld/message.c:1072:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(babel_ifp->buffered_nh, babel_ifp->ipv4, 4); data/frr-7.4/babeld/message.c:1126:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(babel_ifp->buffered_prefix, prefix, 16); data/frr-7.4/babeld/message.c:1204:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b[i].id, route->src->id, 8); data/frr-7.4/babeld/message.c:1206:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b[i].id, myid, 8); data/frr-7.4/babeld/message.c:1233:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char channels[DIVERSITY_HOPS]; data/frr-7.4/babeld/message.c:1255:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(channels, route->channels, DIVERSITY_HOPS); data/frr-7.4/babeld/message.c:1264:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(channels + 1, route->channels, DIVERSITY_HOPS - 1); data/frr-7.4/babeld/message.c:1336:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(babel_ifp->buffered_updates[babel_ifp->num_buffered_updates].prefix, data/frr-7.4/babeld/neighbour.c:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(neigh->address, address, 16); data/frr-7.4/babeld/neighbour.h:30:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char address[16]; data/frr-7.4/babeld/resend.c:120:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resend->id, id, 8); data/frr-7.4/babeld/resend.c:133:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resend->prefix, prefix, 16); data/frr-7.4/babeld/resend.c:137:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resend->id, id, 8); data/frr-7.4/babeld/resend.h:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16]; data/frr-7.4/babeld/resend.h:39:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id[8]; data/frr-7.4/babeld/route.c:857:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->channels, channels, data/frr-7.4/babeld/route.c:896:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(route->nexthop, nexthop, 16); data/frr-7.4/babeld/route.c:904:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->channels, channels, data/frr-7.4/babeld/route.h:46:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char nexthop[16]; data/frr-7.4/babeld/route.h:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char channels[DIVERSITY_HOPS]; data/frr-7.4/babeld/route.h:107:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct babel_route *install_best_route(const unsigned char prefix[16], data/frr-7.4/babeld/source.c:70:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src->id, id, 8); data/frr-7.4/babeld/source.c:71:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src->prefix, p, 16); data/frr-7.4/babeld/source.h:30:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id[8]; data/frr-7.4/babeld/source.h:31:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16]; data/frr-7.4/babeld/util.c:244:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, prefix, 16); data/frr-7.4/babeld/util.c:249:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, prefix, plen / 8); data/frr-7.4/babeld/util.c:256:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char v4prefix[16] = data/frr-7.4/babeld/util.c:259:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char llprefix[16] = data/frr-7.4/babeld/util.c:265:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4][INET6_ADDRSTRLEN]; data/frr-7.4/babeld/util.c:278:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4][INET6_ADDRSTRLEN + 4]; data/frr-7.4/babeld/util.c:297:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4][28]; data/frr-7.4/babeld/util.c:309:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4][15]; data/frr-7.4/babeld/util.c:332:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr_r, &ina6, 16); data/frr-7.4/babeld/util.c:415:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, v4prefix, 12); data/frr-7.4/babeld/util.c:416:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + 12, src, 4); data/frr-7.4/babeld/util.c:430:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + 12, 4); data/frr-7.4/babeld/util.c:436:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, 16); data/frr-7.4/babeld/util.c:442:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, 16); data/frr-7.4/babeld/util.h:45:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(_dd), (_s), 2); \ data/frr-7.4/babeld/util.h:49:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(_dd), (_s), 4); \ data/frr-7.4/babeld/util.h:54:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((_d), &(_dd), 2); } while(0) data/frr-7.4/babeld/util.h:58:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((_d), &(_dd), 4); } while(0) data/frr-7.4/babeld/util.h:125:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const unsigned char v4prefix[16]; data/frr-7.4/babeld/xroute.c:37:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int xroute_add_new_route(unsigned char prefix[16], unsigned char plen, data/frr-7.4/babeld/xroute.c:48:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uchar_prefix[16]; data/frr-7.4/babeld/xroute.c:72:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uchar_prefix[16]; data/frr-7.4/babeld/xroute.c:118:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xroutes + i, xroutes + numxroutes - 1, sizeof(struct xroute)); data/frr-7.4/babeld/xroute.c:138:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. add_xroute(unsigned char prefix[16], unsigned char plen, data/frr-7.4/babeld/xroute.c:161:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xroutes[numxroutes].prefix, prefix, 16); data/frr-7.4/babeld/xroute.c:210:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. xroute_add_new_route(unsigned char prefix[16], unsigned char plen, data/frr-7.4/babeld/xroute.h:28:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char prefix[16]; data/frr-7.4/bfdd/bfd.c:71:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&key->peer, &peer->sa_sin.sin_addr, data/frr-7.4/bfdd/bfd.c:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&key->local, &local->sa_sin.sin_addr, data/frr-7.4/bfdd/bfd.c:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&key->peer, &peer->sa_sin6.sin6_addr, data/frr-7.4/bfdd/bfd.c:80:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&key->local, &local->sa_sin6.sin6_addr, data/frr-7.4/bfdd/bfd.c:711:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bfd->key.peer, &bpc->bpc_peer.sa_sin.sin_addr, data/frr-7.4/bfdd/bfd.c:713:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bfd->key.local, &bpc->bpc_local.sa_sin.sin_addr, data/frr-7.4/bfdd/bfd.c:718:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bfd->key.peer, &bpc->bpc_peer.sa_sin6.sin6_addr, data/frr-7.4/bfdd/bfd.c:720:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bfd->key.local, &bpc->bpc_local.sa_sin6.sin6_addr, data/frr-7.4/bfdd/bfd.c:1118:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[INETSTR_BUFCOUNT][INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfd.c:1249:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/frr-7.4/bfdd/bfd.c:1250:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfd.c:1280:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bso->bso_addr.u.prefix, &bs->key.local, data/frr-7.4/bfdd/bfd.c:1428:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfd.c:1443:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfd.c:1473:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfd.c:1856:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_srcaddr[XPATH_MAXLEN + 32]; data/frr-7.4/bfdd/bfd.c:1857:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfd.h:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[MAXNAMELEN]; data/frr-7.4/bfdd/bfd.h:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vrfname[MAXNAMELEN]; data/frr-7.4/bfdd/bfd.h:257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pl_label[MAXNAMELEN]; data/frr-7.4/bfdd/bfd.h:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bso_entryname[MAXNAMELEN]; data/frr-7.4/bfdd/bfd_packet.c:351:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ttl, CMSG_DATA(cm), sizeof(*ttl)); data/frr-7.4/bfdd/bfd_packet.c:496:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512], peerstr[128], localstr[128], portstr[64], vrfstr[64]; data/frr-7.4/bfdd/bfd_packet.c:807:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), &ttlval, sizeof(ttlval)); data/frr-7.4/bfdd/bfdctl.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bpc_label[MAXNAMELEN]; data/frr-7.4/bfdd/bfdctl.h:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bpc_localif[MAXNAMELEN + 1]; data/frr-7.4/bfdd/bfdctl.h:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bpc_vrfname[MAXNAMELEN + 1]; data/frr-7.4/bfdd/bfdd.c:177:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bglobal.bfdd_privs, &bfdd_privs, data/frr-7.4/bfdd/bfdd.c:183:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctl_path[512]; data/frr-7.4/bfdd/bfdd_cli.c:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfdd_cli.c:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_srcaddr[XPATH_MAXLEN + 32]; data/frr-7.4/bfdd/bfdd_cli.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/bfdd/bfdd_cli.c:171:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfdd_cli.c:296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[32]; data/frr-7.4/bfdd/bfdd_cli.c:325:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[32]; data/frr-7.4/bfdd/bfdd_cli.c:375:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[32]; data/frr-7.4/bfdd/bfdd_nb_state.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstbuf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfdd_nb_state.c:346:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstbuf[INET6_ADDRSTRLEN], srcbuf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfdd_vty.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfdd_vty.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/bfdd/bfdd_vty.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfdd_vty.c:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/bfdd_vty.c:542:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errormsg[128]; data/frr-7.4/bfdd/config.c:512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bfdd/control.c:476:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bcb->bcb_buf, &bcm, sizeof(bcm)); data/frr-7.4/bfdd/control.c:736:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bcm->bcm_data, jsonstr, jsonstrlen); data/frr-7.4/bfdd/control.c:766:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bcm->bcm_data, jsonstr, jsonstrlen); data/frr-7.4/bfdd/control.c:829:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bcm->bcm_data, jsonstr, jsonstrlen); data/frr-7.4/bfdd/ptm_adapter.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timers[3][128] = {}; data/frr-7.4/bfdd/ptm_adapter.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[3][128] = {}; data/frr-7.4/bfdd/ptm_adapter.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbit_str[32]; data/frr-7.4/bfdd/ptm_adapter.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[256]; data/frr-7.4/bfdd/ptm_adapter.c:714:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/frr-7.4/bgpd/bgp_addpath.c:261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/frr-7.4/bgpd/bgp_aspath.c:160:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->as, seg->as, ASSEGMENT_DATA_SIZE(new->length, 1)); data/frr-7.4/bgpd/bgp_aspath.c:202:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newas + num, seg->as, ASSEGMENT_DATA_SIZE(seg->length, 1)); data/frr-7.4/bgpd/bgp_aspath.c:223:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seg->as + seg->length, asnos, data/frr-7.4/bgpd/bgp_aspath.c:706:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->str, aspath->str, buflen); data/frr-7.4/bgpd/bgp_attr.c:110:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cluster->list, val->list, val->length); data/frr-7.4/bgpd/bgp_attr.c:231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tail, p, size); data/frr-7.4/bgpd/bgp_attr.c:756:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sid_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_attr.c:1516:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_attr.c:1525:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data[3], &attr->nexthop.s_addr, BGP_ATTR_NHLEN_IPV4); data/frr-7.4/bgpd/bgp_attr.c:1992:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&attr->nexthop.s_addr, data/frr-7.4/bgpd/bgp_attr.c:2034:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_attr.c:2035:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_attr.c:2241:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_attr.c:2404:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_attr.c:2793:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(transit->val + transit->length, startp, total); data/frr-7.4/bgpd/bgp_attr.c:2972:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ndata[BGP_MAX_PACKET_SIZE]; data/frr-7.4/bgpd/bgp_attr_evpn.c:45:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&routermac_ecom.val[2], routermac->octet, ETH_ALEN); data/frr-7.4/bgpd/bgp_attr_evpn.c:132:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rmac, pnt, ETH_ALEN); data/frr-7.4/bgpd/bgp_attr_evpn.c:269:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p_evpn_p->prefix_addr.ip.ipaddr_v4, data/frr-7.4/bgpd/bgp_attr_evpn.c:275:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p_evpn_p->prefix_addr.ip.ipaddr_v6, data/frr-7.4/bgpd/bgp_bfd.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_bmp.c:229:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_distinguisher[8]; data/frr-7.4/bgpd/bgp_bmp.c:540:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bbpeer->open_rx, packet->data, size); data/frr-7.4/bgpd/bgp_bmp.c:550:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qitem->data, packet->data, size); data/frr-7.4/bgpd/bgp_bmp.c:654:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bbpeer->open_tx, packet->data, size); data/frr-7.4/bgpd/bgp_bmp.c:1156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bqe, &bqeref, sizeof(*bqe)); data/frr-7.4/bgpd/bgp_bmp.c:1261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_bmp.c:1628:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_bmp.c:1686:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ba->addrs[i], &addr[i], sizeof(ba->addrs[0])); data/frr-7.4/bgpd/bgp_bmp.c:1696:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_bmp.c:2088:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_bmp.c:2089:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[BGP_UPTIME_LEN]; data/frr-7.4/bgpd/bgp_bmp.c:2223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_bmp.h:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote[SU_ADDRSTRLEN + 6]; data/frr-7.4/bgpd/bgp_btoa.c:144:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(argv[1], O_RDONLY); data/frr-7.4/bgpd/bgp_clist.c:205:8: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atol(point->name) >= number) data/frr-7.4/bgpd/bgp_clist.c:436:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&comval, com_nthval(com, i), sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_clist.c:552:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lcomval, ptr, LCOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_clist.c:640:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[12]; data/frr-7.4/bgpd/bgp_clist.c:649:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&comval, com_nthval (com, i), sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_clist.c:696:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (c, "%d:%d", (comval >> 16) & 0xFFFF, data/frr-7.4/bgpd/bgp_clist.c:938:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/bgpd/bgp_clist.c:1132:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/bgpd/bgp_clist.c:1251:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/bgpd/bgp_community.c:68:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(com_lastval(com), &val, sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_community.c:122:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v1, a1, sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_community.c:123:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v2, a2, sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_community.c:154:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, p, sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_community.c:244:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&comval, com_nthval(com, i), sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_community.c:305:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&comval, com_nthval(com, i), sizeof(uint32_t)); data/frr-7.4/bgpd/bgp_community.c:450:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/frr-7.4/bgpd/bgp_community.c:541:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->val, com->val, com->size * COMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_community.c:625:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(com1->val + com1->size, com2->val, com2->size * COMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_damp.c:571:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[BGP_UPTIME_LEN]; data/frr-7.4/bgpd/bgp_debug.c:237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_debug.c:268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_debug.c:373:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[BUFSIZ]; data/frr-7.4/bgpd/bgp_debug.c:517:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_buf[1024]; data/frr-7.4/bgpd/bgp_debug.c:567:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char evpn_desc[PREFIX2STR_BUFFER + INET_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_debug.c:568:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_debug.c:569:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_debug.c:1420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_debug.c:1485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_debug.c:2573:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rd_buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_debug.c:2574:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_debug.c:2575:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_buf[30]; data/frr-7.4/bgpd/bgp_debug.c:2581:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathid_buf[30]; data/frr-7.4/bgpd/bgp_debug.c:2597:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_buf2[20]; data/frr-7.4/bgpd/bgp_debug.c:2617:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char return_string[BGP_FLOWSPEC_NLRI_STRING_MAX]; data/frr-7.4/bgpd/bgp_dump.c:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPATHLEN]; data/frr-7.4/bgpd/bgp_dump.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realpath[MAXPATHLEN]; data/frr-7.4/bgpd/bgp_dump.c:134:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bgp_dump->fp = fopen(realpath, "w"); data/frr-7.4/bgpd/bgp_dump.c:460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char empty[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; data/frr-7.4/bgpd/bgp_ecommunity.c:95:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ecom->val, eval->val, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_ecommunity.c:109:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, eval->val, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_ecommunity.c:137:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ecom->val + (ins_idx * ECOMMUNITY_SIZE), data/frr-7.4/bgpd/bgp_ecommunity.c:197:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->val, ecom->val, ecom->size * ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_ecommunity.c:225:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ecom1->val + (ecom1->size * ECOMMUNITY_SIZE), ecom2->val, data/frr-7.4/bgpd/bgp_ecommunity.c:350:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval->val[2], &ip, sizeof(struct in_addr)); data/frr-7.4/bgpd/bgp_ecommunity.c:380:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN + 1]; data/frr-7.4/bgpd/bgp_ecommunity.c:457:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str, p - str); data/frr-7.4/bgpd/bgp_ecommunity.c:628:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eip.ip, pnt, 4); data/frr-7.4/bgpd/bgp_ecommunity.c:648:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bps_buf[20] = {0}; data/frr-7.4/bgpd/bgp_ecommunity.c:714:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encbuf[128]; data/frr-7.4/bgpd/bgp_ecommunity.c:741:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipv4str[INET_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_ecommunity.c:765:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tunneltype, pnt + 5, 2); data/frr-7.4/bgpd/bgp_ecommunity.c:782:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rmac, pnt, ETH_ALEN); data/frr-7.4/bgpd/bgp_ecommunity.c:797:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&seqnum, pnt + 2, 4); data/frr-7.4/bgpd/bgp_ecommunity.c:830:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16] = {}; data/frr-7.4/bgpd/bgp_ecommunity.c:841:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char action[64]; data/frr-7.4/bgpd/bgp_ecommunity.c:875:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mac, pnt, ETH_ALEN); data/frr-7.4/bgpd/bgp_ecommunity.c:997:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q, p, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_ecommunity.c:1033:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, ecom->val, c * ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_ecommunity.c:1035:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + (c)*ECOMMUNITY_SIZE, data/frr-7.4/bgpd/bgp_ecommunity.h:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[ECOMMUNITY_SIZE]; data/frr-7.4/bgpd/bgp_ecommunity.h:147:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval->val[2], &ip, sizeof(struct in_addr)); data/frr-7.4/bgpd/bgp_encap_tlv.c:60:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, st->cookie, st->cookie_length); data/frr-7.4/bgpd/bgp_encap_tlv.c:111:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, st->macaddr, 6); data/frr-7.4/bgpd/bgp_encap_tlv.c:193:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, st->value, st->authenticator_length); data/frr-7.4/bgpd/bgp_encap_tlv.c:215:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &(st->ip_address.v4.s_addr), 4); data/frr-7.4/bgpd/bgp_encap_tlv.c:219:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &(st->ip_address.v6.s6_addr), 16); data/frr-7.4/bgpd/bgp_encap_tlv.c:222:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &(st->as4), 4); data/frr-7.4/bgpd/bgp_encap_tlv.c:411:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tlv->value, &vnid, 4); data/frr-7.4/bgpd/bgp_encap_tlv.c:415:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, bet->mac_address, 6); data/frr-7.4/bgpd/bgp_encap_tlv.c:480:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st->cookie, subtlv->value + 4, st->cookie_length); data/frr-7.4/bgpd/bgp_encap_tlv.c:514:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st->macaddr, subtlv->value + 4, 6); data/frr-7.4/bgpd/bgp_encap_tlv.c:563:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st->value, subtlv->value + 2, st->authenticator_length); data/frr-7.4/bgpd/bgp_encap_tlv.c:580:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&st->ip_address.v4.s_addr, subtlv->value, 4); data/frr-7.4/bgpd/bgp_encap_tlv.c:583:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(st->ip_address.v6.s6_addr), subtlv->value, 16); data/frr-7.4/bgpd/bgp_evpn.c:240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.rt, rt, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:334:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.rt, rt, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:422:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval_tmp, eval, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:465:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval_tmp, eval, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:522:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&attr->rmac, &bgp_vrf->evpn_info->pip_rmac, data/frr-7.4/bgpd/bgp_evpn.c:528:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&attr->rmac, &bgp_vrf->rmac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn.c:592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:594:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:913:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ecom_val_ptr, eval.val, sizeof(char) * ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:1332:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn.c:1333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:1422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn.c:1423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:1531:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pi->extra->label, &label, sizeof(label)); data/frr-7.4/bgpd/bgp_evpn.c:1597:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&attr.rmac, &bgp_vrf->rmac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn.c:1600:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&attr.rmac, &bgp_vrf->evpn_info->pip_rmac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn.c:1606:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:1615:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:1616:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:1617:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:1730:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_pi->extra->label, label, sizeof(label)); data/frr-7.4/bgpd/bgp_evpn.c:1758:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_pi->extra->label, label, sizeof(label)); data/frr-7.4/bgpd/bgp_evpn.c:1884:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:1885:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:2190:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:2191:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:2433:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn.c:2636:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:2637:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:2841:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:2842:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:3007:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval_tmp, eval, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:3074:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval_tmp, eval, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:3093:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:3094:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn.c:3174:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:3175:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attr_str[BUFSIZ] = {0}; data/frr-7.4/bgpd/bgp_evpn.c:3203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:3430:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn.c:3456:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_evpn.c:3612:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval_tmp, eval, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:3967:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd.val, pfx, 8); data/frr-7.4/bgpd/bgp_evpn.c:3977:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&evpn.eth_s_id.val, pfx, ESI_LEN); data/frr-7.4/bgpd/bgp_evpn.c:3981:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ð_tag, pfx, 4); data/frr-7.4/bgpd/bgp_evpn.c:3990:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.prefix.macip_addr.mac.octet, pfx, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn.c:4017:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.prefix.macip_addr.ip.ip.addr, pfx, ipaddr_len); data/frr-7.4/bgpd/bgp_evpn.c:4024:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&label[0], pfx, BGP_LABEL_BYTES); data/frr-7.4/bgpd/bgp_evpn.c:4030:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&label[1], pfx, BGP_LABEL_BYTES); data/frr-7.4/bgpd/bgp_evpn.c:4091:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd.val, pfx, 8); data/frr-7.4/bgpd/bgp_evpn.c:4101:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ð_tag, pfx, 4); data/frr-7.4/bgpd/bgp_evpn.c:4109:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.prefix.imet_addr.ip.ip.addr, pfx, IPV4_MAX_BYTELEN); data/frr-7.4/bgpd/bgp_evpn.c:4157:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd.val, pfx, 8); data/frr-7.4/bgpd/bgp_evpn.c:4161:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&esi, pfx, ESI_BYTES); data/frr-7.4/bgpd/bgp_evpn.c:4168:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vtep_ip, pfx, IPV4_MAX_BYTELEN); data/frr-7.4/bgpd/bgp_evpn.c:4224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd.val, pfx, 8); data/frr-7.4/bgpd/bgp_evpn.c:4237:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&evpn.eth_s_id.val, pfx, 10); data/frr-7.4/bgpd/bgp_evpn.c:4241:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ð_tag, pfx, 4); data/frr-7.4/bgpd/bgp_evpn.c:4262:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.prefix.prefix_addr.ip.ipaddr_v4, pfx, 4); data/frr-7.4/bgpd/bgp_evpn.c:4264:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&evpn.gw_ip.ipv4, pfx, 4); data/frr-7.4/bgpd/bgp_evpn.c:4269:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.prefix.prefix_addr.ip.ipaddr_v6, pfx, 16); data/frr-7.4/bgpd/bgp_evpn.c:4271:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&evpn.gw_ip.ipv6, pfx, 16); data/frr-7.4/bgpd/bgp_evpn.c:4278:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&label, pfx, BGP_LABEL_BYTES); data/frr-7.4/bgpd/bgp_evpn.c:4315:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[16]; data/frr-7.4/bgpd/bgp_evpn.c:4483:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:4555:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:4919:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:4920:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_evpn.c:4984:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:4985:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_evpn.c:4986:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn.c:5154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN); data/frr-7.4/bgpd/bgp_evpn.c:5277:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval_tmp, eval, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:5334:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval_tmp, eval, ECOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_evpn.c:5385:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/bgpd/bgp_evpn.c:5501:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.esi, esi, sizeof(esi_t)); data/frr-7.4/bgpd/bgp_evpn.c:5513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/bgpd/bgp_evpn.c:5522:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&es->esi, esi, sizeof(esi_t)); data/frr-7.4/bgpd/bgp_evpn.c:5523:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&es->originator_ip, originator_ip, sizeof(struct ipaddr)); data/frr-7.4/bgpd/bgp_evpn.c:5625:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attr_str[BUFSIZ] = {0}; data/frr-7.4/bgpd/bgp_evpn.c:5702:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:5703:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:5791:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->rmac, vrr_rmac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn.c:5793:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac_zebra, svi_rmac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn.c:5796:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac, svi_rmac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn.c:5799:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:5800:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:5801:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn.c:6082:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn.c:6118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn_private.h:224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rmac, &vpn->bgp_vrf->rmac, sizeof(struct ethaddr)); data/frr-7.4/bgpd/bgp_evpn_private.h:326:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval->val[2], mac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn_private.h:335:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eval->val[2], rmac, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn_private.h:376:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip->u.prefix4), &(evp->prefix.prefix_addr.ip.ip), data/frr-7.4/bgpd/bgp_evpn_private.h:381:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip->u.prefix6), &(evp->prefix.prefix_addr.ip.ip), data/frr-7.4/bgpd/bgp_evpn_private.h:402:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip->u.prefix4), &(evp->prefix.macip_addr.ip.ip), data/frr-7.4/bgpd/bgp_evpn_private.h:407:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip->u.prefix6), &(evp->prefix.macip_addr.ip.ip), data/frr-7.4/bgpd/bgp_evpn_private.h:429:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->prefix.macip_addr.mac.octet, mac->octet, ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn_private.h:432:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->prefix.macip_addr.ip, ip, sizeof(*ip)); data/frr-7.4/bgpd/bgp_evpn_private.h:444:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ip.ipaddr_v4, &ip_prefix->u.prefix4, data/frr-7.4/bgpd/bgp_evpn_private.h:448:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ip.ipaddr_v6, &ip_prefix->u.prefix6, data/frr-7.4/bgpd/bgp_evpn_private.h:458:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&evp->prefix.prefix_addr.ip, &ip, sizeof(struct ipaddr)); data/frr-7.4/bgpd/bgp_evpn_private.h:483:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->prefix.es_addr.esi, esi, sizeof(esi_t)); data/frr-7.4/bgpd/bgp_evpn_private.h:507:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mac, &esi->val[1], ETH_ALEN); data/frr-7.4/bgpd/bgp_evpn_vty.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rt_buf[RT_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:100:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eip.ip, pnt, 4); data/frr-7.4/bgpd/bgp_evpn_vty.c:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rt_buf[RT_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:210:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&eip.ip, pnt, 4); data/frr-7.4/bgpd/bgp_evpn_vty.c:362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:368:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:468:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:469:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:648:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_evpn_vty.c:743:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_evpn_vty.c:842:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:865:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[10]; data/frr-7.4/bgpd/bgp_evpn_vty.c:866:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:867:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rt_buf[25]; data/frr-7.4/bgpd/bgp_evpn_vty.c:972:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:984:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:985:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:986:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:1032:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[10]; data/frr-7.4/bgpd/bgp_evpn_vty.c:1033:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:1034:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rt_buf[25]; data/frr-7.4/bgpd/bgp_evpn_vty.c:1153:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:1175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rd_str[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:1176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_evpn_vty.c:2116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->vrf_prd, rd, sizeof(struct prefix_rd)); data/frr-7.4/bgpd/bgp_evpn_vty.c:2159:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vpn->prd, rd, sizeof(struct prefix_rd)); data/frr-7.4/bgpd/bgp_evpn_vty.c:2511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_evpn_vty.c:2576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rd_str[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:2605:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_evpn_vty.c:2721:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rd_str[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:2749:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_evpn_vty.c:3142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:3832:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac_static, data/frr-7.4/bgpd/bgp_evpn_vty.c:3834:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac, data/frr-7.4/bgpd/bgp_evpn_vty.c:3840:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac, data/frr-7.4/bgpd/bgp_evpn_vty.c:3851:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac, data/frr-7.4/bgpd/bgp_evpn_vty.c:3879:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac, data/frr-7.4/bgpd/bgp_evpn_vty.c:3884:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bgp_vrf->evpn_info->pip_rmac, data/frr-7.4/bgpd/bgp_evpn_vty.c:5154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:5155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:5657:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:5658:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_evpn_vty.c:5745:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_filter.c:207:8: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atol(point->name) >= number) data/frr-7.4/bgpd/bgp_flowspec.c:151:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, pnt, psize); data/frr-7.4/bgpd/bgp_flowspec.c:155:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char return_string[BGP_FLOWSPEC_NLRI_STRING_MAX]; data/frr-7.4/bgpd/bgp_flowspec.c:156:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_string[BGP_FLOWSPEC_NLRI_STRING_MAX*2+16]; data/frr-7.4/bgpd/bgp_flowspec.c:157:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ec_string[BGP_FLOWSPEC_NLRI_STRING_MAX]; data/frr-7.4/bgpd/bgp_flowspec_util.c:188:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix_local.u.prefix, &nlri_ptr[offset], psize); data/frr-7.4/bgpd/bgp_flowspec_vty.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_string[BGP_FLOWSPEC_STRING_DISPLAY_MAX]; data/frr-7.4/bgpd/bgp_flowspec_vty.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[2] = ""; data/frr-7.4/bgpd/bgp_flowspec_vty.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pre_extra[2] = ""; data/frr-7.4/bgpd/bgp_flowspec_vty.c:260:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char return_string[BGP_FLOWSPEC_STRING_DISPLAY_MAX]; data/frr-7.4/bgpd/bgp_flowspec_vty.c:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[BGP_UPTIME_LEN]; data/frr-7.4/bgpd/bgp_fsm.c:1143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orf_name[BUFSIZ]; data/frr-7.4/bgpd/bgp_fsm.c:1487:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_io.c:204:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char pktbuf[BGP_MAX_PACKET_SIZE]; data/frr-7.4/bgpd/bgp_label.c:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_label.c:308:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(label, data, BGP_LABEL_BYTES); data/frr-7.4/bgpd/bgp_label.c:369:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN); data/frr-7.4/bgpd/bgp_label.c:408:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix, pnt + llen, psize - llen); data/frr-7.4/bgpd/bgp_label.c:433:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_label.c:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_lcommunity.c:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lcom->val, lval->val, LCOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_lcommunity.c:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lcom->val + c * LCOMMUNITY_SIZE, lval->val, LCOMMUNITY_SIZE); data/frr-7.4/bgpd/bgp_lcommunity.c:158:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->val, lcom->val, lcom_length(lcom)); data/frr-7.4/bgpd/bgp_lcommunity.c:175:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lcom1->val + lcom_length(lcom1), lcom2->val, lcom_length(lcom2)); data/frr-7.4/bgpd/bgp_lcommunity.c:229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lcsb[LCOMMUNITY_STRLEN + 1]; data/frr-7.4/bgpd/bgp_lcommunity.h:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[LCOMMUNITY_SIZE]; data/frr-7.4/bgpd/bgp_mac.c:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bsm->macaddr, &orig->macaddr, ETH_ALEN); data/frr-7.4/bgpd/bgp_mac.c:190:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd.val, prn_p->u.val, 8); data/frr-7.4/bgpd/bgp_mac.c:194:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[BGP_PRD_PATH_STRLEN]; data/frr-7.4/bgpd/bgp_mac.c:306:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lookup.macaddr, &ifp->hw_addr, ETH_ALEN); data/frr-7.4/bgpd/bgp_mac.c:346:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lookup.macaddr, &ifp->hw_addr, ETH_ALEN); data/frr-7.4/bgpd/bgp_mac.c:372:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lookup.macaddr, mac, ETH_ALEN); data/frr-7.4/bgpd/bgp_mac.c:405:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_mac[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_main.c:423:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmp_port = atoi(optarg); data/frr-7.4/bgpd/bgp_main.c:458:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). instance = atoi(optarg); data/frr-7.4/bgpd/bgp_main.c:464:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). buffer_size = atoi(optarg); data/frr-7.4/bgpd/bgp_mpath.c:521:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nh_buf[2][INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_mpath.c:523:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_buf[PATH_ADDPATH_STR_BUFFER]; data/frr-7.4/bgpd/bgp_mplsvpn.c:145:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN); data/frr-7.4/bgpd/bgp_mplsvpn.c:195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&label, pnt, BGP_LABEL_BYTES); data/frr-7.4/bgpd/bgp_mplsvpn.c:199:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8); data/frr-7.4/bgpd/bgp_mplsvpn.c:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES, data/frr-7.4/bgpd/bgp_mplsvpn.c:1078:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_mplsvpn.c:1404:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prd.val, &p->u.val, 8); data/frr-7.4/bgpd/bgp_mplsvpn.c:1510:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_mplsvpn.c:1636:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_network.c:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_network.c:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&su2, su, sizeof(union sockunion)); data/frr-7.4/bgpd/bgp_network.c:115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sabuf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_network.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_network.c:290:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[VRF_NAMSIZ + 1]; data/frr-7.4/bgpd/bgp_network.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_network.c:789:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&listener->su, sa, salen); data/frr-7.4/bgpd/bgp_network.c:809:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_nexthop.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET6_ADDRSTRLEN] = {0}; data/frr-7.4/bgpd/bgp_nexthop.c:701:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nexthop.c:746:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nht.c:73:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nht.c:177:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nht.c:359:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nht.c:370:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nht.c:387:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nht.c:449:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NEXTHOP_STRLEN]; data/frr-7.4/bgpd/bgp_nht.c:628:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_nht.c:711:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_open.c:78:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mpc, pnt + 2, sizeof(struct capability_mp_data)); data/frr-7.4/bgpd/bgp_open.c:688:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[BGP_MAX_HOSTNAME + 1]; data/frr-7.4/bgpd/bgp_open.c:921:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*error, sp, caphdr.length + 2); data/frr-7.4/bgpd/bgp_open.c:979:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*error, sp, caphdr.length + 2); data/frr-7.4/bgpd/bgp_packet.c:711:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(peer->last_reset_cause, peer->curr->data, packetsize); data/frr-7.4/bgpd/bgp_packet.c:720:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[4]; data/frr-7.4/bgpd/bgp_packet.c:1103:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(notify_data_remote_as, stream_pnt(peer->curr), 2); data/frr-7.4/bgpd/bgp_packet.c:1107:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(notify_data_remote_id, stream_pnt(peer->curr), 4); data/frr-7.4/bgpd/bgp_packet.c:1139:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(notify_data_remote_as4, &as4_be, 4); data/frr-7.4/bgpd/bgp_packet.c:1793:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(peer->notify.data, stream_pnt(peer->curr), size - 2); data/frr-7.4/bgpd/bgp_packet.c:1800:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[4]; data/frr-7.4/bgpd/bgp_packet.c:1945:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[BUFSIZ]; data/frr-7.4/bgpd/bgp_packet.c:1992:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&seq, p_pnt, data/frr-7.4/bgpd/bgp_packet.c:2027:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&orfp.p.u.prefix, p_pnt, data/frr-7.4/bgpd/bgp_packet.c:2032:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_BUFSIZ]; data/frr-7.4/bgpd/bgp_packet.c:2179:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mpc, pnt + 3, sizeof(struct capability_mp_data)); data/frr-7.4/bgpd/bgp_packet.c:2323:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char notify_data_length[2]; data/frr-7.4/bgpd/bgp_packet.c:2334:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(notify_data_length, stream_pnt(peer->curr), 2); data/frr-7.4/bgpd/bgp_pbr.c:180:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, ", or "); data/frr-7.4/bgpd/bgp_pbr.c:182:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, ", and "); data/frr-7.4/bgpd/bgp_pbr.c:191:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, "match"); data/frr-7.4/bgpd/bgp_pbr.c:192:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, " %u", mval->value); data/frr-7.4/bgpd/bgp_pbr.c:198:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (_ptr) += sprintf((_ptr), "; "); \ data/frr-7.4/bgpd/bgp_pbr.c:591:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fail_str[64]; data/frr-7.4/bgpd/bgp_pbr.c:738:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ecom_copy, ecom_eval, data/frr-7.4/bgpd/bgp_pbr.c:790:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(api_action_redirect_ip->u data/frr-7.4/bgpd/bgp_pbr.c:799:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(api_action->u data/frr-7.4/bgpd/bgp_pbr.c:907:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, bpm, sizeof(*bpm)); data/frr-7.4/bgpd/bgp_pbr.c:935:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, bpr, sizeof(*bpr)); data/frr-7.4/bgpd/bgp_pbr.c:967:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, bpa, sizeof(*bpa)); data/frr-7.4/bgpd/bgp_pbr.c:980:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, bpme, sizeof(*bpme)); data/frr-7.4/bgpd/bgp_pbr.c:1293:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char return_string[512]; data/frr-7.4/bgpd/bgp_pbr.c:1295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[64]; data/frr-7.4/bgpd/bgp_pbr.c:1298:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, "MATCH : "); data/frr-7.4/bgpd/bgp_pbr.c:1374:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, "; "); data/frr-7.4/bgpd/bgp_pbr.c:1376:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, "SET : "); data/frr-7.4/bgpd/bgp_pbr.c:1382:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, "@set rate %f", data/frr-7.4/bgpd/bgp_pbr.c:1387:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, "@action "); data/frr-7.4/bgpd/bgp_pbr.c:1390:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, data/frr-7.4/bgpd/bgp_pbr.c:1394:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, " distribute"); data/frr-7.4/bgpd/bgp_pbr.c:1397:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, " sample"); data/frr-7.4/bgpd/bgp_pbr.c:1401:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_buff[INET_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_pbr.c:1421:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, "@set dscp %u", data/frr-7.4/bgpd/bgp_pbr.c:1922:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufsrc[64], bufdst[64]; data/frr-7.4/bgpd/bgp_pbr.c:1923:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/frr-7.4/bgpd/bgp_pbr.c:1925:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char protocol_str[16]; data/frr-7.4/bgpd/bgp_pbr.c:2048:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&temp3.nh, nh, sizeof(struct nexthop)); data/frr-7.4/bgpd/bgp_pbr.c:2203:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(bpm->ipset_name, "match%p", bpm); data/frr-7.4/bgpd/bgp_pbr.h:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[INTERFACE_NAMSIZ]; data/frr-7.4/bgpd/bgp_pbr.h:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipset_name[ZEBRA_IPSET_NAME_SIZE]; data/frr-7.4/bgpd/bgp_rd.c:81:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rd_ip->ip, pnt, 4); data/frr-7.4/bgpd/bgp_rd.c:94:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd_vnc_eth->macaddr.octet, pnt + 2, ETH_ALEN); data/frr-7.4/bgpd/bgp_rd.c:122:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(half, str, (p - str)); data/frr-7.4/bgpd/bgp_rd.c:133:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). as_val = atol(half); data/frr-7.4/bgpd/bgp_rd.c:137:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). stream_putw(s, atol(p + 1)); data/frr-7.4/bgpd/bgp_rd.c:141:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). stream_putl(s, atol(p + 1)); data/frr-7.4/bgpd/bgp_rd.c:150:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). stream_putw(s, atol(p + 1)); data/frr-7.4/bgpd/bgp_rd.c:152:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prd->val, s->data, 8); data/frr-7.4/bgpd/bgp_rd.c:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/bgpd/bgp_regex.c:58:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(magic_str + j, magic_regexp, data/frr-7.4/bgpd/bgp_route.c:541:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_buf[PATH_ADDPATH_STR_BUFFER]; data/frr-7.4/bgpd/bgp_route.c:542:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exist_buf[PATH_ADDPATH_STR_BUFFER]; data/frr-7.4/bgpd/bgp_route.c:1366:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(extra.label, label, data/frr-7.4/bgpd/bgp_route.c:1556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_route.c:2114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_route.c:2115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_buf[PATH_ADDPATH_STR_BUFFER]; data/frr-7.4/bgpd/bgp_route.c:2357:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_route.c:3189:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(attr->evpn_overlay.eth_s_id), eth_s_id, data/frr-7.4/bgpd/bgp_route.c:3195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(attr->evpn_overlay.gw_ip), gw_ip, data/frr-7.4/bgpd/bgp_route.c:3324:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[BGP_PRD_PATH_STRLEN]; data/frr-7.4/bgpd/bgp_route.c:3698:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&extra->label, label, data/frr-7.4/bgpd/bgp_route.c:3791:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:3893:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&extra->label, label, data/frr-7.4/bgpd/bgp_route.c:3941:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:4083:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[BGP_PRD_PATH_STRLEN]; data/frr-7.4/bgpd/bgp_route.c:4340:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd.val, p->u.val, 8); data/frr-7.4/bgpd/bgp_route.c:4425:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wname[sizeof("clear xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx")]; data/frr-7.4/bgpd/bgp_route.c:4823:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN); data/frr-7.4/bgpd/bgp_route.c:4866:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p.u.val, pnt, psize); data/frr-7.4/bgpd/bgp_route.c:4891:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:4903:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:5101:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:5151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:5301:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(add.ipv6), &(bgp_static->gatewayIp.u.prefix6), data/frr-7.4/bgpd/bgp_route.c:5780:28: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ethtag != NULL ? atol(ethtag) : 0, &p))) { data/frr-7.4/bgpd/bgp_route.c:5906:28: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ethtag != NULL ? atol(ethtag) : 0, &p))) { data/frr-7.4/bgpd/bgp_route.c:6037:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7027:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7095:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7415:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7416:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vrf_id_str[VRF_NAMSIZ] = {0}; data/frr-7.4/bgpd/bgp_route.c:7648:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7649:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop[128]; data/frr-7.4/bgpd/bgp_route.c:7752:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7765:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7899:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:7989:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:8035:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:8083:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:8181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_a[512]; data/frr-7.4/bgpd/bgp_route.c:8227:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ] = {0}; data/frr-7.4/bgpd/bgp_route.c:8252:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:8353:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[BGP_UPTIME_LEN]; data/frr-7.4/bgpd/bgp_route.c:8418:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[BGP_UPTIME_LEN]; data/frr-7.4/bgpd/bgp_route.c:8511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:8629:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:8630:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:8631:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[EVPN_ROUTE_STRLEN]; data/frr-7.4/bgpd/bgp_route.c:8667:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag_buf[30]; data/frr-7.4/bgpd/bgp_route.c:9546:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:9795:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char retstr[BGP_FLOWSPEC_STRING_DISPLAY_MAX]; data/frr-7.4/bgpd/bgp_route.c:9886:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rd[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:9888:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prd, rn_p, sizeof(struct prefix_rd)); data/frr-7.4/bgpd/bgp_route.c:9994:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:9995:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:9996:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[EVPN_ROUTE_STRLEN]; data/frr-7.4/bgpd/bgp_route.c:9997:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:10205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdbuf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:11349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buf[20]; data/frr-7.4/bgpd/bgp_route.c:11356:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning_msg[50]; data/frr-7.4/bgpd/bgp_route.c:12331:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:12574:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distance = atoi(distance_str); data/frr-7.4/bgpd/bgp_route.c:12625:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distance = atoi(distance_str); data/frr-7.4/bgpd/bgp_route.c:12741:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int distance_ebgp = atoi(argv[idx_number]->arg); data/frr-7.4/bgpd/bgp_route.c:12742:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int distance_ibgp = atoi(argv[idx_number_2]->arg); data/frr-7.4/bgpd/bgp_route.c:12743:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int distance_local = atoi(argv[idx_number_3]->arg); data/frr-7.4/bgpd/bgp_route.c:12921:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). half = atoi(argv[idx_half_life]->arg) * 60; data/frr-7.4/bgpd/bgp_route.c:12922:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). reuse = atoi(argv[idx_reuse]->arg); data/frr-7.4/bgpd/bgp_route.c:12923:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). suppress = atoi(argv[idx_suppress]->arg); data/frr-7.4/bgpd/bgp_route.c:12924:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max = atoi(argv[idx_max_suppress]->arg) * 60; data/frr-7.4/bgpd/bgp_route.c:12926:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). half = atoi(argv[idx_half_life]->arg) * 60; data/frr-7.4/bgpd/bgp_route.c:13113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_route.c:13130:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:13179:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:13180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdbuf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:13230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN * 2]; data/frr-7.4/bgpd/bgp_route.c:13231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:13232:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdbuf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.c:13260:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_route.c:13302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_route.h:486:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst_pie, src_pi->extra, data/frr-7.4/bgpd/bgp_routemap.c:1307:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rcom->name, arg, len); data/frr-7.4/bgpd/bgp_routemap.c:1398:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rcom->name, arg, len); data/frr-7.4/bgpd/bgp_routemap.c:1560:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). perc = atoi(arg); data/frr-7.4/bgpd/bgp_routemap.c:2626:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bw_str[40] = {0}; data/frr-7.4/bgpd/bgp_routemap.c:2636:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bw_str, arg, len); data/frr-7.4/bgpd/bgp_routemap.c:2792:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char as[10]; data/frr-7.4/bgpd/bgp_routemap.c:2793:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address[20]; data/frr-7.4/bgpd/bgp_routemap.c:3424:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&path->attr->mp_nexthop_global, address, data/frr-7.4/bgpd/bgp_routemap.c:3713:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_rpki.c:277:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_rpki.c:708:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_rpki.c:1274:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_rpki.c:1278:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr_str, prefix_str, addr_len); data/frr-7.4/bgpd/bgp_updgrp.c:157:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(dst->nexthop), &(src->nexthop), sizeof(struct bgp_nexthop)); data/frr-7.4/bgpd/bgp_updgrp.c:258:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(updgrp, in, sizeof(struct update_group)); data/frr-7.4/bgpd/bgp_updgrp_packet.c:166:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pkt->arr, vecarrp, data/frr-7.4/bgpd/bgp_updgrp_packet.c:184:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&last_pkt->arr, vecarrp, data/frr-7.4/bgpd/bgp_updgrp_packet.c:390:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:391:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:698:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char send_attr_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:865:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[BGP_PRD_PATH_STRLEN]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:1053:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[BGP_PRD_PATH_STRLEN]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:1132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attrstr[BUFSIZ]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:1133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:1139:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tx_id_buf[30]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:1218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_updgrp_packet.c:1224:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tx_id_buf[30]; data/frr-7.4/bgpd/bgp_vpn.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rd_str[BUFSIZ]; data/frr-7.4/bgpd/bgp_vty.c:1654:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). establish_wait = atoi(wait); data/frr-7.4/bgpd/bgp_vty.c:3444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_vty.c:6600:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). threshold = atoi(threshold_str); data/frr-7.4/bgpd/bgp_vty.c:6605:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). restart = atoi(restart_str); data/frr-7.4/bgpd/bgp_vty.c:6902:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). allow_num = atoi(argv[idx_number_origin]->arg); data/frr-7.4/bgpd/bgp_vty.c:8304:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_vty.c:8489:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memstrbuf[MTYPE_MEMSTR_LEN]; data/frr-7.4/bgpd/bgp_vty.c:8646:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorcodesubcode_hexstr[5]; data/frr-7.4/bgpd/bgp_vty.c:8647:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorcodesubcode_str[256]; data/frr-7.4/bgpd/bgp_vty.c:8672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[1024]; data/frr-7.4/bgpd/bgp_vty.c:8721:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[BGP_UPTIME_LEN], dn_flag[2]; data/frr-7.4/bgpd/bgp_vty.c:8780:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[BGP_UPTIME_LEN], dn_flag[2]; data/frr-7.4/bgpd/bgp_vty.c:8781:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neighbor_buf[VTY_BUFSIZ]; data/frr-7.4/bgpd/bgp_vty.c:8890:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memstrbuf[MTYPE_MEMSTR_LEN]; data/frr-7.4/bgpd/bgp_vty.c:9924:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN] = {0}; data/frr-7.4/bgpd/bgp_vty.c:9925:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dn_flag[2] = {0}; data/frr-7.4/bgpd/bgp_vty.c:9927:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neighborAddr[INET6_ADDRSTRLEN + 1] = {0}; data/frr-7.4/bgpd/bgp_vty.c:9967:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orf_pfx_name[BUFSIZ]; data/frr-7.4/bgpd/bgp_vty.c:10579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX2STR_BUFFER], buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_vty.c:10580:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[BGP_UPTIME_LEN]; data/frr-7.4/bgpd/bgp_vty.c:10581:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dn_flag[2]; data/frr-7.4/bgpd/bgp_vty.c:12890:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_vty.c:13372:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_vty.c:14327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_vty.c:14335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_vty.c:14456:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:94:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_zebra.c:316:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_zebra.c:353:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_zebra.c:379:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_zebra.c:405:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgp_zebra.c:536:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:689:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &cp->u.prefix6, IPV6_MAX_BYTELEN); data/frr-7.4/bgpd/bgp_zebra.c:707:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &cp->u.prefix6, IPV6_MAX_BYTELEN); data/frr-7.4/bgpd/bgp_zebra.c:755:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nexthop->v6_global, &local->sin6.sin6_addr, IPV6_MAX_BYTELEN); data/frr-7.4/bgpd/bgp_zebra.c:807:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nexthop->v6_local, &nexthop->v6_global, data/frr-7.4/bgpd/bgp_zebra.c:829:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nexthop->v6_global, &local->sin6.sin6_addr, data/frr-7.4/bgpd/bgp_zebra.c:853:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nexthop->v6_global, data/frr-7.4/bgpd/bgp_zebra.c:857:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nexthop->v6_local, &local->sin6.sin6_addr, data/frr-7.4/bgpd/bgp_zebra.c:944:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:954:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:1195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; /* filled in if we are debugging */ data/frr-7.4/bgpd/bgp_zebra.c:1402:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api_nh->rmac, &(mpinfo->attr->rmac), data/frr-7.4/bgpd/bgp_zebra.c:1434:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:1435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nh_buf[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:1436:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eth_buf[ETHER_ADDR_STRLEN + 7] = {'\0'}; data/frr-7.4/bgpd/bgp_zebra.c:1437:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:1438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[20]; data/frr-7.4/bgpd/bgp_zebra.c:1570:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:2252:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipset_name[ZEBRA_IPSET_NAME_SIZE]; data/frr-7.4/bgpd/bgp_zebra.c:2375:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pfx, &(pbr->src), sizeof(struct prefix)); data/frr-7.4/bgpd/bgp_zebra.c:2387:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pfx, &(pbr->dst), sizeof(struct prefix)); data/frr-7.4/bgpd/bgp_zebra.c:2506:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/bgpd/bgp_zebra.c:2507:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:2537:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:2544:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:2625:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:2626:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:2680:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgp_zebra.c:3035:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[PREFIX_STRLEN]; data/frr-7.4/bgpd/bgpd.c:1115:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bgp->GLOBAL_GR_FSM, local_GLOBAL_GR_FSM, data/frr-7.4/bgpd/bgpd.c:1180:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&peer->PEER_GR_FSM, local_Peer_GR_FSM, data/frr-7.4/bgpd/bgpd.c:1422:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&peer->su.sin6.sin6_addr, &ifc_nbr->address->u.prefix, data/frr-7.4/bgpd/bgpd.c:1552:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/bgpd/bgpd.c:2686:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgpd.c:3699:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgpd.c:3700:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/bgpd.c:4000:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msgbuf + 1, msg, msglen); data/frr-7.4/bgpd/bgpd.c:6995:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[11]; data/frr-7.4/bgpd/bgpd.h:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rmap_name[BGP_VPN_POLICY_DIR_MAX]; data/frr-7.4/bgpd/bgpd.h:400:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char update_delay_begin_time[64]; data/frr-7.4/bgpd/bgpd.h:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char update_delay_end_time[64]; data/frr-7.4/bgpd/bgpd.h:402:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char update_delay_zebra_resume_time[64]; data/frr-7.4/bgpd/bgpd.h:403:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char update_delay_peers_resume_time[64]; data/frr-7.4/bgpd/bgpd.h:1345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rcvd_attr_str[BUFSIZ]; data/frr-7.4/bgpd/bgpd.h:1363:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char allowas_in[AFI_MAX][SAFI_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:3906:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:3922:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:4146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:4219:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:4228:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:4238:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.c:4526:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[40]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plist_export_bgp_name[AFI_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plist_export_zebra_name[AFI_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plist_redist_name[ZEBRA_ROUTE_MAX][AFI_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *routemap_redist_name[ZEBRA_ROUTE_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plist_export_bgp_name[AFI_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:191:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plist_export_zebra_name[AFI_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plist_redist_name[ZEBRA_ROUTE_MAX][AFI_MAX]; data/frr-7.4/bgpd/rfapi/bgp_rfapi_cfg.h:207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *routemap_redist_name[ZEBRA_ROUTE_MAX]; data/frr-7.4/bgpd/rfapi/rfapi.c:365:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:366:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:583:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:584:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:750:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(encaptlv->value, <, 4); data/frr-7.4/bgpd/rfapi/rfapi.c:799:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((uint8_t *)encaptlv->value) + 2, data/frr-7.4/bgpd/rfapi/rfapi.c:1302:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi.c:1370:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_vn[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi.c:1371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_un[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi.c:1423:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, vo, sizeof(struct rfapi_vn_option)); data/frr-7.4/bgpd/rfapi/rfapi.c:1446:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, uo, sizeof(struct rfapi_un_option)); data/frr-7.4/bgpd/rfapi/rfapi.c:1469:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, hop, sizeof(struct bgp_tea_options)); data/frr-7.4/bgpd/rfapi/rfapi.c:1474:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->value, hop->value, hop->length); data/frr-7.4/bgpd/rfapi/rfapi.c:1580:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:1891:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:1949:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:2402:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi.c:2561:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prd.val + 2, pfx_mac->u.prefix_eth.octet, 6); data/frr-7.4/bgpd/rfapi/rfapi.c:3494:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi.c:3755:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd->val + 2, &vn->addr.v4.s_addr, 4); data/frr-7.4/bgpd/rfapi/rfapi.c:3757:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rd->val + 2, &vn->addr.v6.s6_addr32[3], data/frr-7.4/bgpd/rfapi/rfapi.c:3761:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:311:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l2o->macaddr.octet, data/frr-7.4/bgpd/rfapi/rfapi_import.c:366:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lifetime, pEncap->value, 4); data/frr-7.4/bgpd/rfapi/rfapi_import.c:409:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->u.val, pEncap->value, data/frr-7.4/bgpd/rfapi/rfapi_import.c:418:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p->u.val, pEncap->value, data/frr-7.4/bgpd/rfapi/rfapi_import.c:614:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:753:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:1248:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&l2o->macaddr, v, 6); data/frr-7.4/bgpd/rfapi/rfapi_import.c:1297:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vo->v.l2addr.macaddr, &p->u.prefix_eth.octet, ETH_ALEN); data/frr-7.4/bgpd/rfapi/rfapi_import.c:1380:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new->un_address.addr.v4, pEncap->value, data/frr-7.4/bgpd/rfapi/rfapi_import.c:1387:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new->un_address.addr.v6, pEncap->value, data/frr-7.4/bgpd/rfapi/rfapi_import.c:1558:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:1957:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pfx_buf[PREFIX2STR_BUFFER]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2104:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2145:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_aux_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2177:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_aux_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:2918:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:3374:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:3636:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bpf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:3900:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pfx_mac_buf.u.prefix_eth.octet, prd->val + 2, 6); data/frr-7.4/bgpd/rfapi/rfapi_import.c:3972:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pfx_mac_buf.u.prefix_eth, prd->val + 2, 6); data/frr-7.4/bgpd/rfapi/rfapi_import.c:4404:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:4441:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p1line[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_import.c:4561:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_monitor.c:774:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_monitor.c:850:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_monitor.c:937:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_target_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_monitor.c:1094:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_monitor.c:1273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_monitor.c:1340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_nve_addr.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a_str[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_nve_addr.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b_str[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:645:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hop->value, pEncap->value + 2, data/frr-7.4/bgpd/rfapi/rfapi_rib.c:686:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vo->v.l2addr.macaddr, bpi->extra->vnc.import.rd.val + 2, data/frr-7.4/bgpd/rfapi/rfapi_rib.c:913:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:914:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_rd[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1263:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1264:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1401:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_rd[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1594:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1814:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1979:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_vn[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:1980:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_aux_prefix[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2078:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2079:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_pfx_vn[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2290:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_vn[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_un[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2292:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_lifetime[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_age[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_rd[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2351:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2418:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2458:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_vn[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_rib.c:2459:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_un[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:413:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:435:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:491:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:534:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(macaddr.octet, bpi->extra->vnc.import.rd.val + 2, data/frr-7.4/bgpd/rfapi/rfapi_vty.c:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_pfx[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:693:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_vn[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:694:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_un[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:713:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:767:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:871:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_remain[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:872:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_pfx[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:896:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_vn[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:897:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_un[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:940:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_remain[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:941:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_pfx[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:973:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_vn[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:974:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_un[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_pfx[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1024:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_ntop[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1025:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_un[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1026:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_vn[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1027:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_lifetime[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_age[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_age[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1507:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RD_ADDRSTRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1598:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1797:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1849:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[100]; data/frr-7.4/bgpd/rfapi/rfapi_vty.c:4225:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vn_addr_buf[INET6_ADDRSTRLEN] = { data/frr-7.4/bgpd/rfapi/rfapi_vty.c:4228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char un_addr_buf[INET6_ADDRSTRLEN] = { data/frr-7.4/bgpd/rfapi/rfapi_vty.c:4231:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char age[10]; data/frr-7.4/bgpd/rfapi/vnc_export_bgp.c:165:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pfx_ce->u.prefix4, ecp + 2, 4); data/frr-7.4/bgpd/rfapi/vnc_export_bgp.c:531:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(roec.val + 2, data/frr-7.4/bgpd/rfapi/vnc_export_bgp.c:560:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(roec.val + 2, &origin->s_addr, 4); data/frr-7.4/bgpd/rfapi/vnc_export_bgp.c:1849:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prd.val, prn_p->u.val, 8); data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kbuf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hbuf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ubuf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:263:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_onh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:264:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_nve_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:280:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; \ data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:417:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vnc_gateway_magic.val + 2, data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:421:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vnc_gateway_magic.val + 6, (char *)&localadmin, 2); data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:533:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_nh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:578:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_nh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:717:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:787:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:864:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:903:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:989:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1066:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1292:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_nh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1471:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hbuf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1472:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ubuf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1500:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_unh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1501:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_nve_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1524:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1554:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1624:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_unh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:1625:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_nve_pfx[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:2308:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:2605:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:2606:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_nh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:2676:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_import_bgp.c:2677:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_nh[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_zebra.c:312:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prd.val, prn_p->u.val, 8); data/frr-7.4/bgpd/rfapi/vnc_zebra.c:366:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/bgpd/rfapi/vnc_zebra.c:428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_cli.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/eigrpd/eigrp_cli.c:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/eigrpd/eigrp_cli.c:441:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_metric[XPATH_MAXLEN + 64]; data/frr-7.4/eigrpd/eigrp_cli.c:667:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64]; data/frr-7.4/eigrpd/eigrp_cli.c:690:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64]; data/frr-7.4/eigrpd/eigrp_cli.c:729:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64]; data/frr-7.4/eigrpd/eigrp_cli.c:754:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64]; data/frr-7.4/eigrpd/eigrp_cli.c:792:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64]; data/frr-7.4/eigrpd/eigrp_cli.c:816:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN], xpath_auth[XPATH_MAXLEN + 64]; data/frr-7.4/eigrpd/eigrp_dump.c:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_packet.c:77:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char zeropad[16] = {0}; data/frr-7.4/eigrpd/eigrp_packet.c:100:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN]; data/frr-7.4/eigrpd/eigrp_packet.c:153:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_MD5_LEN); data/frr-7.4/eigrpd/eigrp_packet.c:168:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[EIGRP_AUTH_TYPE_MD5_LEN]; data/frr-7.4/eigrpd/eigrp_packet.c:169:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char orig[EIGRP_AUTH_TYPE_MD5_LEN]; data/frr-7.4/eigrpd/eigrp_packet.c:190:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(orig, auth_TLV->digest, EIGRP_AUTH_TYPE_MD5_LEN); data/frr-7.4/eigrpd/eigrp_packet.c:254:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_ip[PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_packet.c:256:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[EIGRP_AUTH_TYPE_SHA256_LEN]; data/frr-7.4/eigrpd/eigrp_packet.c:257:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1 + PLAINTEXT_LENGTH + 45 + 1] = {0}; data/frr-7.4/eigrpd/eigrp_packet.c:290:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 1, key, strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:291:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 1 + strlen(key->string), source_ip, strlen(source_ip)); data/frr-7.4/eigrpd/eigrp_packet.c:299:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(auth_TLV->digest, digest, EIGRP_AUTH_TYPE_SHA256_LEN); data/frr-7.4/eigrpd/eigrp_packet.c:577:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3][INET_ADDRSTRLEN]; data/frr-7.4/eigrpd/eigrp_packet.c:621:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[PREFIX_STRLEN], dst[PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_packet.c:722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())]; data/frr-7.4/eigrpd/eigrp_reply.c:77:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pe2, pe, sizeof(struct eigrp_prefix_entry)); data/frr-7.4/eigrpd/eigrp_reply.c:171:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_structs.h:63:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mtu[3]; data/frr-7.4/eigrpd/eigrp_structs.h:328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tlv[0]; data/frr-7.4/eigrpd/eigrp_structs.h:435:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char destination_part[4]; data/frr-7.4/eigrpd/eigrp_topology.c:137:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_update.c:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_zebra.c:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/frr-7.4/eigrpd/eigrp_zebra.c:177:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/frr-7.4/eigrpd/eigrp_zebra.c:214:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/eigrpd/eigrp_zebra.c:237:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][PREFIX_STRLEN]; data/frr-7.4/eigrpd/eigrp_zebra.c:257:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/eigrpd/eigrp_zebra.c:261:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/include/linux/socket.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char __data[_K_SS_MAXSIZE - sizeof(unsigned short)]; data/frr-7.4/isisd/fabricd.c:558:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(neighbor_id, n->id, sizeof(n->id)); data/frr-7.4/isisd/fabricd.c:601:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id, n->id, sizeof(n->id)); data/frr-7.4/isisd/isis_adjacency.c:60:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(adj->sysid, id, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_adjacency.c:74:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(adj->snpa, snpa, ETH_ALEN); data/frr-7.4/isisd/isis_adjacency.c:407:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_adjacency.c:569:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_bfd.c:126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_bfd.c:156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_buf[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_bfd.c:229:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_bfd.c:230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_bpf.c:76:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sock_buff[16384]; data/frr-7.4/isisd/isis_bpf.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bpfdev[128]; data/frr-7.4/isisd/isis_bpf.c:92:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(bpfdev, O_RDWR); data/frr-7.4/isisd/isis_bpf.c:251:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ssnpa, buff_ptr + bpf_hdr->bh_hdrlen + ETHER_ADDR_LEN, data/frr-7.4/isisd/isis_bpf.c:289:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->ether_dhost, ALL_L1_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_bpf.c:291:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->ether_dhost, ALL_L2_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_bpf.c:292:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->ether_shost, circuit->u.bc.snpa, ETH_ALEN); data/frr-7.4/isisd/isis_bpf.c:304:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sock_buff + (LLC_LEN + ETHER_HDR_LEN), circuit->snd_stream->data, data/frr-7.4/isisd/isis_circuit.c:248:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_circuit.c:324:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_circuit.c:634:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(circuit->u.bc.snpa, circuit->interface->hw_addr, data/frr-7.4/isisd/isis_circuit.c:849:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/isisd/isis_circuit.h:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char run_dr_elect[2]; /* Should we run dr election ? */ data/frr-7.4/isisd/isis_circuit.h:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char is_dr[2]; /* Are we level x DR ? */ data/frr-7.4/isisd/isis_cli.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base_xpath[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_cli.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_xpath[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_cli.c:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_xpath[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_cli.c:205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_xpath[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_cli.c:1273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base_xpath[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_dlpi.c:205:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(devpath, O_RDWR | O_NONBLOCK | O_NOCTTY); data/frr-7.4/isisd/isis_dlpi.c:291:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)dpaa + dpaa->dl_addr_offset, addr, ETHERADDRL); data/frr-7.4/isisd/isis_dlpi.c:298:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devpath[MAXPATHLEN]; data/frr-7.4/isisd/isis_dlpi.c:450:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pfil.Pf_Filter, pf_filter, sizeof(pf_filter)); data/frr-7.4/isisd/isis_dlpi.c:542:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ssnpa, data/frr-7.4/isisd/isis_dlpi.c:590:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstaddr, ALL_L1_ISS, ETHERADDRL); data/frr-7.4/isisd/isis_dlpi.c:592:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstaddr, ALL_L2_ISS, ETHERADDRL); data/frr-7.4/isisd/isis_dlpi.c:599:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sock_buff + LLC_LEN, circuit->snd_stream->data, data/frr-7.4/isisd/isis_dr.c:228:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_dr.c:275:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(old_dr, circuit->u.bc.l1_desig_is, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_dr.c:281:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(circuit->u.bc.l1_desig_is, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_dr.c:296:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(old_dr, circuit->u.bc.l2_desig_is, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_dr.c:302:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(circuit->u.bc.l2_desig_is, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_dynhn.c:109:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dyn->id, id, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_dynhn.h:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256]; data/frr-7.4/isisd/isis_lsp.c:490:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lspid, lsp->hdr.lsp_id, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_lsp.c:607:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[SYSID_STRLEN]; data/frr-7.4/isisd/isis_lsp.c:619:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id, sysid_print(lsp_id), 15); data/frr-7.4/isisd/isis_lsp.c:639:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%d/", data/frr-7.4/isisd/isis_lsp.c:642:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%d/", data/frr-7.4/isisd/isis_lsp.c:645:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pos, "%d", ISIS_MASK_LSP_OL_BIT(lsp_bits) ? 1 : 0); data/frr-7.4/isisd/isis_lsp.c:653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LSPid[255]; data/frr-7.4/isisd/isis_lsp.c:654:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char age_out[8]; data/frr-7.4/isisd/isis_lsp.c:655:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[200]; data/frr-7.4/isisd/isis_lsp.c:830:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frag_id, lsp0->hdr.lsp_id, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_lsp.c:857:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_lsp.c:1117:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ne_id, nei->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1214:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lspid, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1289:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lspid, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1407:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1519:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ne_id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1562:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ne_id, adj->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1597:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1659:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1718:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1740:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.c:1768:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_lsp.h:108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((I), isis->sysid, ISIS_SYS_ID_LEN); \ data/frr-7.4/isisd/isis_main.c:224:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). instance = atoi(optarg); data/frr-7.4/isisd/isis_misc.c:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char isonet[51]; data/frr-7.4/isisd/isis_misc.c:53:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestring[20]; data/frr-7.4/isisd/isis_misc.c:54:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nlpidstring[30]; data/frr-7.4/isisd/isis_misc.c:69:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pos, "%02x", *(from + i)); data/frr-7.4/isisd/isis_misc.c:73:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pos, "%02x", *(from + i)); data/frr-7.4/isisd/isis_misc.c:76:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pos, "%02x.", *(from + i)); data/frr-7.4/isisd/isis_misc.c:123:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(number, pos, 2); data/frr-7.4/isisd/isis_misc.c:164:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(number, pos, 2); data/frr-7.4/isisd/isis_misc.c:180:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[4]; data/frr-7.4/isisd/isis_misc.c:211:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, ", "); data/frr-7.4/isisd/isis_misc.c:328:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf_ring[FORMAT_BUF_COUNT][FORMAT_ID_SIZE]; data/frr-7.4/isisd/isis_misc.c:369:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%uY", time / SECS_PER_YEAR); data/frr-7.4/isisd/isis_misc.c:372:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%uM", rest / SECS_PER_MONTH); data/frr-7.4/isisd/isis_misc.c:375:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%uw", rest / SECS_PER_WEEK); data/frr-7.4/isisd/isis_misc.c:378:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%ud", rest / SECS_PER_DAY); data/frr-7.4/isisd/isis_misc.c:381:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%uh", rest / SECS_PER_HOUR); data/frr-7.4/isisd/isis_misc.c:384:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%um", rest / SECS_PER_MINUTE); data/frr-7.4/isisd/isis_misc.c:387:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. pos += sprintf(pos, "%us", rest); data/frr-7.4/isisd/isis_misc.c:429:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new_prefix, prefix_start, data/frr-7.4/isisd/isis_misc.c:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytestr[4]; data/frr-7.4/isisd/isis_misc.c:468:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[10]; data/frr-7.4/isisd/isis_misc.c:469:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexstr[16 * 3 + 5]; data/frr-7.4/isisd/isis_misc.c:470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charstr[16 * 1 + 5]; data/frr-7.4/isisd/isis_misc.c:520:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortbuf[256]; data/frr-7.4/isisd/isis_misc.c:563:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortbuf[256]; data/frr-7.4/isisd/isis_misc.c:587:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MONOTIME_STRLEN]; data/frr-7.4/isisd/isis_mt.c:57:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[sizeof("65535")]; data/frr-7.4/isisd/isis_mt.c:393:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(old_mt_set, adj->mt_set, data/frr-7.4/isisd/isis_nb_config.c:117:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr.area_addr, buff, addr.addr_len); data/frr-7.4/isisd/isis_nb_config.c:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addrr->area_addr, buff, addrr->addr_len); data/frr-7.4/isisd/isis_nb_config.c:152:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(isis->sysid, GETSYSID(addrr), ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_nb_config.c:201:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr.area_addr, buff, (int)addr.addr_len); data/frr-7.4/isisd/isis_nb_notifications.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:283:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:384:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:408:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:434:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:459:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_nb_notifications.c:480:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/isisd/isis_pdu.c:454:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(adj->snpa, iih->ssnpa, 6); data/frr-7.4/isisd/isis_pdu.c:481:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dis, iih->dis, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_pdu.c:489:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(adj->lanid, iih->dis, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_pdu.c:555:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_pdu[pdu_end - pdu_start]; data/frr-7.4/isisd/isis_pdu.c:808:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_pdu[pdu_end - pdu_start]; data/frr-7.4/isisd/isis_pdu.c:1200:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lspid, hdr.lsp_id, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_pdu.c:1269:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_pdu[pdu_end - pdu_start]; data/frr-7.4/isisd/isis_pdu.c:1483:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lspid, entry->id, data/frr-7.4/isisd/isis_pdu.c:1590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_pdu[pdu_end - pdu_start]; data/frr-7.4/isisd/isis_pdu.c:2126:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STREAM_DATA(circuit->snd_stream) + start_pointer, start, data/frr-7.4/isisd/isis_pdu.c:2128:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STREAM_DATA(circuit->snd_stream) + end_pointer, stop, data/frr-7.4/isisd/isis_pdu.c:2166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start, stop, ISIS_SYS_ID_LEN + 2); data/frr-7.4/isisd/isis_pfpacket.c:91:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq.mr_address, ALL_L1_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:93:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq.mr_address, ALL_L2_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:95:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq.mr_address, ALL_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:97:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq.mr_address, ALL_ESS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:295:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ssnpa, &s_addr.sll_addr, s_addr.sll_halen); data/frr-7.4/isisd/isis_pfpacket.c:333:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ssnpa, &s_addr.sll_addr, s_addr.sll_halen); data/frr-7.4/isisd/isis_pfpacket.c:342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_buff[LLC_LEN]; data/frr-7.4/isisd/isis_pfpacket.c:359:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa.sll_addr, ALL_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:361:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa.sll_addr, ALL_L1_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:363:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa.sll_addr, ALL_L2_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:402:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa.sll_addr, ALL_L1_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_pfpacket.c:404:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa.sll_addr, ALL_L2_ISS, ETH_ALEN); data/frr-7.4/isisd/isis_redist.c:120:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(er_node->info, info, sizeof(*info)); data/frr-7.4/isisd/isis_redist.c:235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_buf[BUFSIZ]; data/frr-7.4/isisd/isis_redist.c:285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug_buf[BUFSIZ]; data/frr-7.4/isisd/isis_redist.c:310:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/isisd/isis_redist.c:359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char do_subscribe[REDIST_PROTOCOL_COUNT][ZEBRA_ROUTE_MAX + 1]; data/frr-7.4/isisd/isis_route.c:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_route.c:320:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SRCDEST2STR_BUFFER]; data/frr-7.4/isisd/isis_route.c:380:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[SRCDEST2STR_BUFFER]; data/frr-7.4/isisd/isis_spf.c:302:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lspid, sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_spf.c:320:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[VID2STR_BUFFER]; data/frr-7.4/isisd/isis_spf.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[VID2STR_BUFFER]; data/frr-7.4/isisd/isis_spf.c:453:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[VID2STR_BUFFER]; data/frr-7.4/isisd/isis_spf.c:718:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[VID2STR_BUFFER]; data/frr-7.4/isisd/isis_spf.c:834:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, adj->sysid, data/frr-7.4/isisd/isis_spf.c:847:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, adj->sysid, data/frr-7.4/isisd/isis_spf.c:885:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, circuit->u.bc.l1_desig_is, data/frr-7.4/isisd/isis_spf.c:888:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, circuit->u.bc.l2_desig_is, data/frr-7.4/isisd/isis_spf.c:937:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, adj->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_spf.c:948:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, adj->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_spf.c:990:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[VID2STR_BUFFER]; data/frr-7.4/isisd/isis_spf.c:1300:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[VID2STR_BUFFER]; data/frr-7.4/isisd/isis_spf_private.h:320:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vertex->N.id, id, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_spf_private.h:347:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsp_id, vertex->N.id, ISIS_SYS_ID_LEN + 1); data/frr-7.4/isisd/isis_sr.c:414:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(srn->sysid, sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_sr.c:464:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(srn.sysid, sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isis_sr.c:753:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_sr.c:1556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1557:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_oper[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1558:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_iface[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1559:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_uptime[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1595:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1596:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_oper[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1597:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_nhop[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1598:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_iface[BUFSIZ]; data/frr-7.4/isisd/isis_sr.c:1599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_uptime[BUFSIZ]; data/frr-7.4/isisd/isis_te.c:342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_tlvs.c:141:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv, exts, sizeof(struct isis_ext_subtlvs)); data/frr-7.4/isisd/isis_tlvs.c:184:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->neighbor_id, lan->neighbor_id, 6); data/frr-7.4/isisd/isis_tlvs.c:199:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_tlvs.c:929:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixbuf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_tlvs.c:997:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subtlvs->source_prefix, &p, sizeof(p)); data/frr-7.4/isisd/isis_tlvs.c:1112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv->addr, addr->addr, addr->len); data/frr-7.4/isisd/isis_tlvs.c:1192:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv->id, r->id, 7); data/frr-7.4/isisd/isis_tlvs.c:1264:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv->mac, n->mac, 6); data/frr-7.4/isisd/isis_tlvs.c:1395:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv->id, r->id, 7); data/frr-7.4/isisd/isis_tlvs.c:1526:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixbuf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_tlvs.c:1603:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->protocols, src->protocols, src->count); data/frr-7.4/isisd/isis_tlvs.c:1683:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[INET_ADDRSTRLEN]; data/frr-7.4/isisd/isis_tlvs.c:1745:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[INET6_ADDRSTRLEN]; data/frr-7.4/isisd/isis_tlvs.c:1877:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv, id, sizeof(*rv)); data/frr-7.4/isisd/isis_tlvs.c:1887:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[INET_ADDRSTRLEN]; data/frr-7.4/isisd/isis_tlvs.c:1958:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixbuf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_tlvs.c:2196:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv, spine_leaf, sizeof(*rv)); data/frr-7.4/isisd/isis_tlvs.c:2330:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv, threeway_adj, sizeof(*rv)); data/frr-7.4/isisd/isis_tlvs.c:2439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixbuf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_tlvs.c:2601:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv, router_cap, sizeof(*rv)); data/frr-7.4/isisd/isis_tlvs.c:2609:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[INET_ADDRSTRLEN]; data/frr-7.4/isisd/isis_tlvs.c:2824:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[768]; data/frr-7.4/isisd/isis_tlvs.c:3695:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rem_lifetime, STREAM_DATA(s) + LSP_REM_LIFETIME_OFF, data/frr-7.4/isisd/isis_tlvs.c:3698:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(checksum, STREAM_DATA(s) + LSP_CHECKSUM_OFF, sizeof(*checksum)); data/frr-7.4/isisd/isis_tlvs.c:3705:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STREAM_DATA(s) + LSP_REM_LIFETIME_OFF, &rem_lifetime, data/frr-7.4/isisd/isis_tlvs.c:3707:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STREAM_DATA(s) + LSP_CHECKSUM_OFF, &checksum, sizeof(checksum)); data/frr-7.4/isisd/isis_tlvs.c:3725:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, result, 16); data/frr-7.4/isisd/isis_tlvs.c:3730:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(auth->value, digest, 16); data/frr-7.4/isisd/isis_tlvs.c:3731:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STREAM_DATA(s) + auth->offset, digest, 16); data/frr-7.4/isisd/isis_tlvs.c:4166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a->addr, area_addr->area_addr, 20); data/frr-7.4/isisd/isis_tlvs.c:4180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n->mac, snpa, 6); data/frr-7.4/isisd/isis_tlvs.c:4193:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlvs->protocols_supported.protocols, nlpids->nlpids, data/frr-7.4/isisd/isis_tlvs.c:4283:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, result, 16); data/frr-7.4/isisd/isis_tlvs.c:4288:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STREAM_DATA(stream) + auth->offset, auth->value, 16); data/frr-7.4/isisd/isis_tlvs.c:4383:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(adj->area_addresses[i].area_addr, addr->addr, addr->len); data/frr-7.4/isisd/isis_tlvs.c:4422:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(adj->nlpids.nlpids, reduced.nlpids, reduced.count); data/frr-7.4/isisd/isis_tlvs.c:4537:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entry->id, lsp->hdr.lsp_id, ISIS_SYS_ID_LEN + 2); data/frr-7.4/isisd/isis_tlvs.c:4595:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlvs->te_router_id, id, sizeof(*id)); data/frr-7.4/isisd/isis_tlvs.c:4604:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&r->prefix, dest, sizeof(*dest)); data/frr-7.4/isisd/isis_tlvs.c:4652:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&r->prefix, dest, sizeof(*dest)); data/frr-7.4/isisd/isis_tlvs.c:4672:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&r->prefix, dest, sizeof(*dest)); data/frr-7.4/isisd/isis_tlvs.c:4702:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->subtlvs->source_prefix, src, sizeof(*src)); data/frr-7.4/isisd/isis_tlvs.c:4748:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tlvs->threeway_adj->neighbor_id, neighbor_id, 6); data/frr-7.4/isisd/isis_vty_fabricd.c:65:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint8_t tier = atoi(argv[1]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:93:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int csnp_delay = atoi(argv[1]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lspid[255]; data/frr-7.4/isisd/isis_vty_fabricd.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MONOTIME_STRLEN]; data/frr-7.4/isisd/isis_vty_fabricd.c:462:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t interval = atoi(argv[1]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:520:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int interval = atoi(argv[1]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:587:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int lifetime = atoi(argv[1]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:611:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t interval = atoi(argv[1]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:714:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long init_delay = atol(argv[2]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:715:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long short_delay = atol(argv[4]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:716:20: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long long_delay = atol(argv[6]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:717:18: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long holddown = atol(argv[8]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:718:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long timetolearn = atol(argv[10]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:842:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). met = atoi(argv[idx_number]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:899:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t interval = atoi(argv[2]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:935:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t mult = atoi(argv[2]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:971:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t interval = atoi(argv[2]->arg); data/frr-7.4/isisd/isis_vty_fabricd.c:1007:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint16_t interval = atoi(argv[2]->arg); data/frr-7.4/isisd/isis_zebra.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isis_zebra.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/isisd/isisd.c:364:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr->area_addr, buff, addr->addr_len); data/frr-7.4/isisd/isisd.c:388:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(isis->sysid, GETSYSID(addr), ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isisd.c:449:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr.area_addr, buff, (int)addr.addr_len); data/frr-7.4/isisd/isisd.c:572:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sysid, dynhn->id, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isisd.c:641:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sysid, dynhn->id, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isisd.c:1377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysid[255] = {0}; data/frr-7.4/isisd/isisd.c:1401:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(number, ++pos, 2); data/frr-7.4/isisd/isisd.c:1409:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(number, ++pos, 2); data/frr-7.4/isisd/isisd.c:1425:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lspid, dynhn->id, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isisd.c:1428:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lspid, isis->sysid, ISIS_SYS_ID_LEN); data/frr-7.4/isisd/isisd.c:1679:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, &modified, sizeof(modified)); data/frr-7.4/ldpd/address.c:261:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lde_addr.addr, buf, sizeof(struct in_addr)); data/frr-7.4/ldpd/address.c:276:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lde_addr.addr, buf, sizeof(struct in6_addr)); data/frr-7.4/ldpd/address.c:303:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tlv, buf, TLV_HDR_SIZE); data/frr-7.4/ldpd/address.c:420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/ldpd/hello.c:536:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tlv, buf, TLV_HDR_SIZE); data/frr-7.4/ldpd/hello.c:568:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conf_number, buf, sizeof(uint32_t)); data/frr-7.4/ldpd/hello.c:584:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(trans_pref, buf + sizeof(uint16_t), data/frr-7.4/ldpd/hello.c:588:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(trans_pref, buf , sizeof(uint16_t)); data/frr-7.4/ldpd/init.c:111:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tlv, buf, TLV_HDR_SIZE); data/frr-7.4/ldpd/init.c:292:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tlv, buf, TLV_HDR_SIZE); data/frr-7.4/ldpd/labelmapping.c:262:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tlv, buf, TLV_HDR_SIZE); data/frr-7.4/ldpd/labelmapping.c:743:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.prefix.prefix, buf + off, data/frr-7.4/ldpd/labelmapping.c:759:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.pwid.type, buf + off, sizeof(uint16_t)); data/frr-7.4/ldpd/labelmapping.c:778:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.pwid.group_id, buf + off, sizeof(uint32_t)); data/frr-7.4/ldpd/labelmapping.c:792:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.pwid.pwid, buf + off, sizeof(uint32_t)); data/frr-7.4/ldpd/labelmapping.c:822:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.pwid.ifmtu, buf + off + data/frr-7.4/ldpd/labelmapping.c:843:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.twcard.type, buf + off, sizeof(uint8_t)); data/frr-7.4/ldpd/labelmapping.c:845:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&twcard_len, buf + off, sizeof(uint8_t)); data/frr-7.4/ldpd/labelmapping.c:861:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.twcard.u.prefix_af, buf + off, data/frr-7.4/ldpd/labelmapping.c:887:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&map->fec.twcard.u.pw_type, buf + off, data/frr-7.4/ldpd/lde.c:567:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nconf, imsg.data, sizeof(struct ldpd_conf)); data/frr-7.4/ldpd/lde.c:577:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(niface, imsg.data, sizeof(struct iface)); data/frr-7.4/ldpd/lde.c:584:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ntnbr, imsg.data, sizeof(struct tnbr)); data/frr-7.4/ldpd/lde.c:591:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nnbrp, imsg.data, sizeof(struct nbr_params)); data/frr-7.4/ldpd/lde.c:598:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nl2vpn, imsg.data, sizeof(struct l2vpn)); data/frr-7.4/ldpd/lde.c:609:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nlif, imsg.data, sizeof(struct l2vpn_if)); data/frr-7.4/ldpd/lde.c:616:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npw, imsg.data, sizeof(struct l2vpn_pw)); data/frr-7.4/ldpd/lde.c:623:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npw, imsg.data, sizeof(struct l2vpn_pw)); data/frr-7.4/ldpd/ldp_vty_exec.c:65:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IFNAMSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timers[BUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_name[64]; data/frr-7.4/ldpd/ldp_vty_exec.c:284:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ifaces_buffer[LDPBUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:285:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tnbrs_buffer[LDPBUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:571:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char v4adjs_buffer[LDPBUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:572:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char v6adjs_buffer[LDPBUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:698:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adj_string[128]; data/frr-7.4/ldpd/ldp_vty_exec.c:1024:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstnet[BUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:1065:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dstnet[BUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:1068:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sent_buffer[LDPBUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:1069:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rcvd_buffer[LDPBUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:1135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstnet[BUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:1182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstnet[BUFSIZ]; data/frr-7.4/ldpd/ldp_vty_exec.c:1289:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_name[64]; data/frr-7.4/ldpd/ldp_vty_exec.c:1994:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). params.l2vpn.vcid = atoi(vcid); data/frr-7.4/ldpd/ldp_zebra.c:59:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kif->mac, ifp->hw_addr, ETH_ALEN); data/frr-7.4/ldpd/ldpd.c:121:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctl_sock_path[MAXPATHLEN]; data/frr-7.4/ldpd/ldpd.c:272:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). init.instance = atoi(optarg); data/frr-7.4/ldpd/ldpd.c:493:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[7]; data/frr-7.4/ldpd/ldpd.c:508:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nullfd = open("/dev/null", O_RDONLY | O_NOCTTY); data/frr-7.4/ldpd/ldpd.h:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[256]; data/frr-7.4/ldpd/ldpd.h:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group[256]; data/frr-7.4/ldpd/ldpd.h:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctl_sock_path[MAXPATHLEN]; data/frr-7.4/ldpd/ldpd.h:163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zclient_serv_path[MAXPATHLEN]; data/frr-7.4/ldpd/ldpd.h:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:315:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:361:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5key[TCP_MD5_KEY_LEN]; data/frr-7.4/ldpd/ldpd.h:400:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:417:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:438:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[L2VPN_NAME_LEN]; data/frr-7.4/ldpd/ldpd.h:442:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char br_ifname[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:486:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl_thello_accept_from[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl_label_allocate_for[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:488:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl_label_advertise_to[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:489:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl_label_advertise_for[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:490:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl_label_expnull_for[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:491:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl_label_accept_from[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:492:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl_label_accept_for[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:561:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:570:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char acl[ACL_NAMSIZ]; data/frr-7.4/ldpd/ldpd.h:588:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:615:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:652:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char l2vpn_name[L2VPN_NAME_LEN]; data/frr-7.4/ldpd/ldpd.h:653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/ldpd/ldpd.h:814:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char ctl_sock_path[MAXPATHLEN]; data/frr-7.4/ldpd/ldpe.c:472:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nconf, imsg.data, sizeof(struct ldpd_conf)); data/frr-7.4/ldpd/ldpe.c:482:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(niface, imsg.data, sizeof(struct iface)); data/frr-7.4/ldpd/ldpe.c:489:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ntnbr, imsg.data, sizeof(struct tnbr)); data/frr-7.4/ldpd/ldpe.c:496:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nnbrp, imsg.data, sizeof(struct nbr_params)); data/frr-7.4/ldpd/ldpe.c:503:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nl2vpn, imsg.data, sizeof(struct l2vpn)); data/frr-7.4/ldpd/ldpe.c:514:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nlif, imsg.data, sizeof(struct l2vpn_if)); data/frr-7.4/ldpd/ldpe.c:521:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npw, imsg.data, sizeof(struct l2vpn_pw)); data/frr-7.4/ldpd/ldpe.c:528:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npw, imsg.data, sizeof(struct l2vpn_pw)); data/frr-7.4/ldpd/ldpe.h:110:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5key[TCP_MD5_KEY_LEN]; data/frr-7.4/ldpd/log.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/frr-7.4/ldpd/logmsg.c:31:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[NUM_LOGS][NI_MAXHOST]; data/frr-7.4/ldpd/logmsg.c:81:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[NUM_LOGS][INET6_ADDRSTRLEN]; data/frr-7.4/ldpd/logmsg.c:107:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tfbuf[TF_BUFS][TF_LEN]; /* ring buffer */ data/frr-7.4/ldpd/logmsg.c:137:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tfbuf[TF_BUFS][TF_LEN]; /* ring buffer */ data/frr-7.4/ldpd/logmsg.c:169:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/frr-7.4/ldpd/logmsg.c:188:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/frr-7.4/ldpd/logmsg.c:240:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/frr-7.4/ldpd/logmsg.c:351:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/frr-7.4/ldpd/logmsg.c:386:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[16]; data/frr-7.4/ldpd/logmsg.c:474:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/frr-7.4/ldpd/notification.c:151:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tlv, buf, TLV_HDR_SIZE); data/frr-7.4/ldpd/packet.c:120:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(struct sockaddr_dl))]; data/frr-7.4/ldpd/packet.c:122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; data/frr-7.4/ldpd/packet.c:713:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*b, r->buf, dlen); data/frr-7.4/ldpd/util.c:266:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sin6->sin6_addr.s6_addr[2], &tmp16, sizeof(tmp16)); data/frr-7.4/lib/bfd.c:393:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_buf[32]; data/frr-7.4/lib/buffer.c:110:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, data->data + data->sp, data->cp - data->sp); data/frr-7.4/lib/buffer.c:165:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((data->data + data->cp), ptr, chunk); data/frr-7.4/lib/buffer.c:205:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->data + data->cp, p, chunk); data/frr-7.4/lib/buffer.c:336:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iov, small_iov, sizeof(small_iov)); data/frr-7.4/lib/checksum.c:53:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dat, ph, sizeof(struct ipv4_ph)); data/frr-7.4/lib/checksum.c:54:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dat + sizeof(struct ipv4_ph), data, nbytes); data/frr-7.4/lib/checksum.c:62:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dat, ph, sizeof(struct ipv6_ph)); data/frr-7.4/lib/checksum.c:63:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dat + sizeof(struct ipv6_ph), data, nbytes); data/frr-7.4/lib/clippy.c:67:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(pyfile, "r"); data/frr-7.4/lib/command.c:153:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argstr[cnt + 1]; data/frr-7.4/lib/command.c:364:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[6]; data/frr-7.4/lib/command.c:677:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tok.type = atoi(argv[1]->arg); data/frr-7.4/lib/command.c:1195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ve->error_buf, vty->buf, VTY_BUFSIZ); data/frr-7.4/lib/command.c:1522:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dirfd = open(config_dir, O_DIRECTORY | O_RDONLY); data/frr-7.4/lib/command.c:1525:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dirfd = open(".", O_DIRECTORY | O_RDONLY); data/frr-7.4/lib/command.c:1539:7: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(config_file_tmp); data/frr-7.4/lib/command.c:1650:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/command.c:1658:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). confp = fopen(host.config, "r"); data/frr-7.4/lib/command.c:1968:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vty->lines = atoi(argv[idx_number]->arg); data/frr-7.4/lib/command.c:1993:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). host.lines = atoi(argv[idx_number]->arg); data/frr-7.4/lib/command.c:2063:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p[PATH_MAX]; data/frr-7.4/lib/command_graph.c:470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[512]; data/frr-7.4/lib/command_match.c:92:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vvline->index + 1, vline->index, data/frr-7.4/lib/command_match.c:506:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nextstack + 1, stack, data/frr-7.4/lib/command_match.c:698:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/frr-7.4/lib/command_match.c:726:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, sp, str - sp); data/frr-7.4/lib/command_match.c:728:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int v = atoi(buf); data/frr-7.4/lib/command_match.c:753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/frr-7.4/lib/command_match.c:782:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, sp, str - sp); data/frr-7.4/lib/command_match.c:784:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int v = atoi(buf); data/frr-7.4/lib/command_match.c:816:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(sp) > 32) data/frr-7.4/lib/csv.c:640:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096], status_child[PATH_MAX]; data/frr-7.4/lib/csv.c:644:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(status_child, O_RDONLY)) < 0) data/frr-7.4/lib/csv.c:667:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10000]; data/frr-7.4/lib/csv.c:671:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hdr1[32], hdr2[32]; data/frr-7.4/lib/csv.c:677:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_verbose("(%zu/%zu/%d/%d)\n", strlen(hdr1), strlen(hdr2), atoi(hdr1), data/frr-7.4/lib/csv.c:678:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(hdr2)); data/frr-7.4/lib/csv.c:690:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). log_verbose("(%zu/%zu/%d/%d)\n", strlen(hdr1), strlen(hdr2), atoi(hdr1), data/frr-7.4/lib/csv.c:691:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(hdr2)); data/frr-7.4/lib/db.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[BUFSIZ]; data/frr-7.4/lib/db.c:272:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(blob, blobsrc, MIN(vlen, dlen)); data/frr-7.4/lib/db.c:308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stmt[BUFSIZ]; data/frr-7.4/lib/defaults.c:23:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char df_version[128] = FRR_VER_SHORT, df_profile[128] = DFLT_NAME; data/frr-7.4/lib/distribute.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *list[DISTRIBUTE_MAX]; data/frr-7.4/lib/distribute.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *prefix[DISTRIBUTE_MAX]; data/frr-7.4/lib/ferr.c:131:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[11]; data/frr-7.4/lib/ferr.c:142:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[256]; data/frr-7.4/lib/ferr.c:143:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ubuf[256]; data/frr-7.4/lib/ferr.c:281:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpmsg[512], *replacepos; data/frr-7.4/lib/ferr.h:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[384]; data/frr-7.4/lib/ferr.h:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[PATH_MAX]; data/frr-7.4/lib/ferr.h:254:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CMD_FERR_RETURN(foo_bar_set(obj, atoi(argv[1])), data/frr-7.4/lib/filter.c:286:8: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atol(point->name) >= number) data/frr-7.4/lib/filter.c:634:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/lib/filter.c:1813:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/lib/filter.c:2728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/frr_pthread.h:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char os_name[OS_THREAD_NAMELEN]; data/frr-7.4/lib/frrlua.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[100]; data/frr-7.4/lib/frrstr.c:104:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, parts[i], arglen); data/frr-7.4/lib/frrstr.c:107:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, join, joinlen); data/frr-7.4/lib/frrstr.c:179:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ch, replace, repllen); data/frr-7.4/lib/grammar_sandbox.c:277:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *ofd = fopen(argv[2]->arg, "w"); data/frr-7.4/lib/grammar_sandbox.c:350:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char accumulate[2048] = ""; data/frr-7.4/lib/grammar_sandbox.c:462:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnode = vector_slot(cmdvec, atoi(argv[2]->arg)); data/frr-7.4/lib/grammar_sandbox.c:499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tokennum[32]; data/frr-7.4/lib/graph.c:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[64]; data/frr-7.4/lib/hash.c:420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char underln[sizeof(header) + strlen(frr_protonameinst)]; data/frr-7.4/lib/if.c:718:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char logbuf[BUFSIZ]; data/frr-7.4/lib/if.c:945:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuf[BUFSIZ]; data/frr-7.4/lib/if.c:946:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/if.c:971:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuf[BUFSIZ]; data/frr-7.4/lib/if.c:972:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/if.c:1083:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ifc->address, p, sizeof(struct prefix)); data/frr-7.4/lib/if.c:1088:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ifc->destination, destination, sizeof(struct prefix)); data/frr-7.4/lib/if.c:1312:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_list[XPATH_MAXLEN]; data/frr-7.4/lib/if.c:1748:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&macaddr.octet, ifp->hw_addr, ETH_ALEN); data/frr-7.4/lib/if.h:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[INTERFACE_NAMSIZ]; data/frr-7.4/lib/if_rmap.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *routemap[IF_RMAP_MAX]; data/frr-7.4/lib/imsg-buffer.c:85:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->buf + buf->wpos, data, len); data/frr-7.4/lib/imsg-buffer.c:214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(int))]; data/frr-7.4/lib/imsg-buffer.c:240:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), &buf->fd, sizeof(int)); data/frr-7.4/lib/imsg.c:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(int) * 1)]; data/frr-7.4/lib/imsg.c:186:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(imsg->data, ibuf->r.rptr, datalen); data/frr-7.4/lib/ipaddr.h:108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)in6 + 8, &addr_type, sizeof(addr_type)); data/frr-7.4/lib/ipaddr.h:109:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)in6 + 12, &in, sizeof(struct in_addr)); data/frr-7.4/lib/ipaddr.h:119:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in, (char *)in6 + 12, sizeof(struct in_addr)); data/frr-7.4/lib/keychain.c:996:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/lib_vty.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MTYPE_MEMSTR_LEN]; data/frr-7.4/lib/lib_vty.c:97:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[32]; data/frr-7.4/lib/lib_vty.c:155:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char origin[MAXPATHLEN] = ""; data/frr-7.4/lib/libfrr.c:52:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frr_vtydir[256]; data/frr-7.4/lib/libfrr.c:58:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frr_protoname[256] = "NONE"; data/frr-7.4/lib/libfrr.c:59:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frr_protonameinst[256] = "NONE"; data/frr-7.4/lib/libfrr.c:61:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char config_default[512]; data/frr-7.4/lib/libfrr.c:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frr_zclientpath[256]; data/frr-7.4/lib/libfrr.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pidfile_default[1024]; data/frr-7.4/lib/libfrr.c:65:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dbfile_default[512]; data/frr-7.4/lib/libfrr.c:67:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char vtypath_default[512]; data/frr-7.4/lib/libfrr.c:72:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char comb_optstr[256]; data/frr-7.4/lib/libfrr.c:75:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char comb_helpstr[4096]; data/frr-7.4/lib/libfrr.c:90:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(comb_next_lo++, lo, sizeof(*lo)); data/frr-7.4/lib/libfrr.c:584:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/lib/libfrr.c:597:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, path, plen); data/frr-7.4/lib/libfrr.c:633:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char moderr[256]; data/frr-7.4/lib/libfrr.c:634:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_instance[16] = "", p_pathspace[256] = ""; data/frr-7.4/lib/libfrr.c:774:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/frr-7.4/lib/libfrr.c:947:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defvtydir[256]; data/frr-7.4/lib/libfrr.c:993:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nullfd = open("/dev/null", O_RDONLY | O_NOCTTY); data/frr-7.4/lib/libfrr.c:1010:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/frr-7.4/lib/libfrr.c:1053:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char instanceinfo[64] = ""; data/frr-7.4/lib/libfrr.c:1074:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int nullfd = open("/dev/null", O_RDONLY | O_NOCTTY); data/frr-7.4/lib/libfrr.c:1105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[128]; data/frr-7.4/lib/libfrr.c:1144:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "w"); data/frr-7.4/lib/libfrr.h:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startinfo[128]; data/frr-7.4/lib/libfrr.h:155:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char config_default[512]; data/frr-7.4/lib/libfrr.h:156:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char frr_zclientpath[256]; data/frr-7.4/lib/libfrr.h:158:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char frr_vtydir[256]; data/frr-7.4/lib/log.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[28]; data/frr-7.4/lib/log.c:92:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, cache.buf, cache.len); data/frr-7.4/lib/log.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof("DEFAULT: Received signal S at T (si_addr 0xP, PC 0xP); aborting...") data/frr-7.4/lib/log.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/lib/log.c:185:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128] = "?"; data/frr-7.4/lib/log.c:207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/frr-7.4/lib/log.c:237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/lib/log.c:247:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128] = "?"; data/frr-7.4/lib/log.c:578:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[64]; data/frr-7.4/lib/log.h:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[QUAGGA_TIMESTAMP_LEN]; /* will contain the rendered timestamp data/frr-7.4/lib/log_filter.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char zlog_filters[ZLOG_FILTERS_MAX][ZLOG_FILTER_LENGTH_MAX + 1]; data/frr-7.4/lib/log_vty.c:263:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN + 1]; data/frr-7.4/lib/log_vty.c:270:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[MAXPATHLEN + 1]; data/frr-7.4/lib/log_vty.c:309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[8]; data/frr-7.4/lib/log_vty.c:612:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char log_filters[ZLOG_FILTERS_MAX * (ZLOG_FILTER_LENGTH_MAX + 3)] = ""; data/frr-7.4/lib/md5.c:148:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctxt->md5_buf + ctxt->md5_i, input, gap); data/frr-7.4/lib/md5.c:156:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctxt->md5_buf, (input + i), ctxt->md5_i); data/frr-7.4/lib/md5.c:158:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctxt->md5_buf + ctxt->md5_i, input, len); data/frr-7.4/lib/md5.c:170:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctxt->md5_buf + ctxt->md5_i, md5_paddat, data/frr-7.4/lib/md5.c:174:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctxt->md5_buf + ctxt->md5_i, md5_paddat, gap); data/frr-7.4/lib/md5.c:176:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctxt->md5_buf, md5_paddat + gap, data/frr-7.4/lib/md5.c:182:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctxt->md5_buf[56], &ctxt->md5_n8[0], 8); data/frr-7.4/lib/md5.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, &ctxt->md5_st8[0], 16); data/frr-7.4/lib/md5.c:382:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k_ipad[65]; /* inner padding - data/frr-7.4/lib/md5.c:385:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char k_opad[65]; /* outer padding - data/frr-7.4/lib/md5.c:388:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tk[16]; data/frr-7.4/lib/md5.c:417:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(key, k_ipad, key_len); data/frr-7.4/lib/md5.c:418:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(key, k_opad, key_len); data/frr-7.4/lib/memory.c:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[32]; data/frr-7.4/lib/mlag.h:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peerlink_rif[INTERFACE_NAMSIZ]; data/frr-7.4/lib/mlag.h:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vrf_name[VRF_NAMSIZ]; data/frr-7.4/lib/mlag.h:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char intf_name[INTERFACE_NAMSIZ]; data/frr-7.4/lib/mlag.h:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vrf_name[VRF_NAMSIZ]; data/frr-7.4/lib/mlag.h:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char intf_name[INTERFACE_NAMSIZ]; data/frr-7.4/lib/module.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PATH_MAX], fullpath[PATH_MAX * 2], *args; data/frr-7.4/lib/mpls.c:71:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(labels, pl, *num_labels * sizeof(mpls_label_t)); data/frr-7.4/lib/mpls.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[BUFSIZ]; data/frr-7.4/lib/netns_linux.c:111:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(NS_DEFAULT_NAME, O_RDONLY); data/frr-7.4/lib/netns_linux.c:215:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ns->fd = open(ns->name, O_RDONLY); data/frr-7.4/lib/netns_linux.c:424:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pathname[PATH_MAX]; data/frr-7.4/lib/netns_linux.c:432:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_name[PATH_MAX]; data/frr-7.4/lib/netns_linux.c:473:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ns_default_ns_fd = open(NS_DEFAULT_NAME, O_RDONLY); data/frr-7.4/lib/netns_linux.c:495:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(NS_DEFAULT_NAME, O_RDONLY); data/frr-7.4/lib/netns_linux.c:535:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, O_RDONLY); data/frr-7.4/lib/network.c:114:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lu1, &host, sizeof(uint32_t)); data/frr-7.4/lib/network.c:116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&convert, &lu2, sizeof(uint32_t)); data/frr-7.4/lib/nexthop.c:582:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gate_src_rmap_raw, &nexthop->gate, GATE_SIZE); data/frr-7.4/lib/nexthop.c:583:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gate_src_rmap_raw + GATE_SIZE, &nexthop->src, GATE_SIZE); data/frr-7.4/lib/nexthop.c:584:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gate_src_rmap_raw + (2 * GATE_SIZE), &nexthop->rmap_src, data/frr-7.4/lib/nexthop.c:602:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(©->gate, &nexthop->gate, sizeof(nexthop->gate)); data/frr-7.4/lib/nexthop.c:603:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(©->src, &nexthop->src, sizeof(nexthop->src)); data/frr-7.4/lib/nexthop.c:604:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(©->rmap_src, &nexthop->rmap_src, sizeof(nexthop->rmap_src)); data/frr-7.4/lib/nexthop_group.c:921:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nh, &nhop, sizeof(nhop)); data/frr-7.4/lib/nexthop_group.c:947:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/lib/nexthop_group.c:982:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/frr-7.4/lib/nexthop_group.c:1002:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/frr-7.4/lib/nexthop_group.c:1077:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nh, &nhop, sizeof(nhop)); data/frr-7.4/lib/nexthop_group.c:1156:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nh, &nhop, sizeof(nhop)); data/frr-7.4/lib/nexthop_group.h:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NHGC_NAME_SIZE]; data/frr-7.4/lib/nexthop_group.h:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backup_list_name[NHGC_NAME_SIZE]; data/frr-7.4/lib/northbound.c:511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_edit[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.c:787:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.c:959:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.c:1164:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.c:1341:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN * 2]; data/frr-7.4/lib/northbound.c:1399:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.c:1750:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.c:1829:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_buf[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.h:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound.h:568:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[80]; data/frr-7.4/lib/northbound_cli.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_base[XPATH_MAXLEN] = {}; data/frr-7.4/lib/northbound_cli.c:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound_cli.c:565:7: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). fd = mkstemp(path); data/frr-7.4/lib/northbound_cli.c:590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char config1_path[256]; data/frr-7.4/lib/northbound_cli.c:591:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char config2_path[256]; data/frr-7.4/lib/northbound_cli.c:592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[BUFSIZ]; data/frr-7.4/lib/northbound_cli.c:594:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/frr-7.4/lib/northbound_cli.c:1394:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags[8]; data/frr-7.4/lib/northbound_cli.c:1534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char comment[80]; data/frr-7.4/lib/northbound_confd.c:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound_confd.c:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[YANG_VALUE_MAXLEN]; data/frr-7.4/lib/northbound_confd.c:615:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[BUFSIZ]; data/frr-7.4/lib/northbound_confd.c:653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[BUFSIZ]; data/frr-7.4/lib/northbound_confd.c:704:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pointer_str[16]; data/frr-7.4/lib/northbound_confd.c:761:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[BUFSIZ]; data/frr-7.4/lib/northbound_confd.c:762:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_child[XPATH_MAXLEN]; data/frr-7.4/lib/northbound_confd.c:835:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[BUFSIZ]; data/frr-7.4/lib/northbound_confd.c:842:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pseudo_keys[CONFD_OBJECTS_PER_TIME][16]; data/frr-7.4/lib/northbound_confd.c:919:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_child[XPATH_MAXLEN]; data/frr-7.4/lib/northbound_confd.c:1062:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[BUFSIZ]; data/frr-7.4/lib/northbound_confd.c:1094:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_input[BUFSIZ]; data/frr-7.4/lib/northbound_confd.c:1095:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[YANG_VALUE_MAXLEN]; data/frr-7.4/lib/northbound_sysrepo.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[YANG_VALUE_MAXLEN]; data/frr-7.4/lib/northbound_sysrepo.c:247:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/northbound_sysrepo.c:452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[YANG_VALUE_MAXLEN]; data/frr-7.4/lib/ntop.c:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8 * 5], *o = buf; data/frr-7.4/lib/ntop.c:164:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, i); data/frr-7.4/lib/pid_output.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/frr-7.4/lib/pid_output.c:43:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR | O_CREAT, PIDFILE_MASK); data/frr-7.4/lib/plist.c:235:8: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atol(point->name) >= number) data/frr-7.4/lib/plist.c:777:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/plist.c:866:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/lib/plist.c:870:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). genum = atoi(ge); data/frr-7.4/lib/plist.c:872:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lenum = atoi(le); data/frr-7.4/lib/plist.c:933:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/plist.c:934:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_tmp[PREFIX2STR_BUFFER]; data/frr-7.4/lib/plist.c:1009:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/lib/plist.c:1029:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). genum = atoi(ge); data/frr-7.4/lib/plist.c:1031:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lenum = atoi(le); data/frr-7.4/lib/plist.c:1164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/plist.c:1199:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqnum = (int64_t)atol(seq); data/frr-7.4/lib/plist.c:1271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/plist.c:1791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/plist.c:1830:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/plist.c:1961:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_a[BUFSIZ]; data/frr-7.4/lib/plist.c:1962:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_b[BUFSIZ]; data/frr-7.4/lib/plist.c:1997:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/lib/prefix.c:312:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dest->u.prefix_eth, &src->u.prefix_eth, data/frr-7.4/lib/prefix.c:315:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dest->u.prefix_evpn, &src->u.prefix_evpn, data/frr-7.4/lib/prefix.c:330:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)dest->u.prefix_flowspec.ptr, data/frr-7.4/lib/prefix.c:556:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, str, pnt - str); data/frr-7.4/lib/prefix.c:564:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). plen = (uint8_t)atoi(++pnt); data/frr-7.4/lib/prefix.c:598:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). plen = (uint8_t)atoi(++pnt); data/frr-7.4/lib/prefix.c:605:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, str, pnt - str); data/frr-7.4/lib/prefix.c:721:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, str, pnt - str); data/frr-7.4/lib/prefix.c:727:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). plen = (uint8_t)atoi(++pnt); data/frr-7.4/lib/prefix.c:837:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->prefix, &su->sin6.sin6_addr, data/frr-7.4/lib/prefix.c:852:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&su->sin6.sin6_addr, &p->u.prefix6, data/frr-7.4/lib/prefix.c:906:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/prefix.c:907:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/lib/prefix.c:935:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/prefix.c:951:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ESI_STR_LEN]; data/frr-7.4/lib/prefix.c:964:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/prefix.c:1004:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/prefix.c:1071:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/lib/prefix.c:1072:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/lib/prefix.c:1183:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[INET6_ADDRSTRLEN]; data/frr-7.4/lib/prefix.h:365:30: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define IPV6_ADDR_COPY(D,S) memcpy ((D), (S), IPV6_MAX_BYTELEN) data/frr-7.4/lib/printf/glue.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/lib/printf/glue.c:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/lib/printf/glue.c:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[2]; data/frr-7.4/lib/printf/glue.c:209:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entries[i].fmt, ext->match, 2); data/frr-7.4/lib/printf/printf-pos.c:663:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(oldtable, newtable, oldsize * sizeof(enum typeid)); data/frr-7.4/lib/printf/printfcommon.h:78:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iop->cb->pos, ptr, copylen); data/frr-7.4/lib/printf/vfprintf.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MB_LEN_MAX]; data/frr-7.4/lib/printf/vfprintf.c:173:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF]; /* buffer with space for digits of uintmax_t */ data/frr-7.4/lib/printf/vfprintf.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ox[2]; /* space for 0x; ox[1] is either x, X, or \0 */ data/frr-7.4/lib/printf/vfprintf.c:181:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char xdigs_lower[16] = "0123456789abcdef"; data/frr-7.4/lib/printf/vfprintf.c:182:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char xdigs_upper[16] = "0123456789ABCDEF"; data/frr-7.4/lib/printf/vfprintf.c:476:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[6] = "%.*L"; data/frr-7.4/lib/printf/vfprintf.c:483:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[5] = "%.*"; data/frr-7.4/lib/printfrr.h:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *out; \ data/frr-7.4/lib/printfrr.h:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char match[8]; data/frr-7.4/lib/ptm_lib.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msglen_buf[16], vers_buf[16], type_buf[16], cmdid_buf[16]; data/frr-7.4/lib/ptm_lib.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char client_buf[32]; data/frr-7.4/lib/ptm_lib.c:102:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *msglen = atoi(hdr); data/frr-7.4/lib/ptm_lib.c:108:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *version = atoi(hdr); data/frr-7.4/lib/ptm_lib.c:114:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *type = atoi(hdr); data/frr-7.4/lib/ptm_lib.c:120:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *cmd_id = atoi(hdr); data/frr-7.4/lib/ptm_lib.c:354:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char client_name[32]; data/frr-7.4/lib/ptm_lib.h:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char client_name[PTMLIB_MAXNAMELEN]; data/frr-7.4/lib/pullwr.c:153:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newbuf, iov[0].iov_base, iov[0].iov_len); data/frr-7.4/lib/pullwr.c:155:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newbuf + iov[0].iov_len, data/frr-7.4/lib/pullwr.c:173:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pullwr->buffer + pos, data, len); data/frr-7.4/lib/pullwr.c:179:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pullwr->buffer + pullwr->pos + pullwr->valid, data/frr-7.4/lib/pullwr.c:184:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pullwr->buffer, (char *)data + max1, len1); data/frr-7.4/lib/pw.h:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vpn_name[L2VPN_NAME_LEN]; data/frr-7.4/lib/resolver.c:169:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr[i].sin.sin_addr, data/frr-7.4/lib/resolver.c:173:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr[i].sin6.sin6_addr, data/frr-7.4/lib/ringbuf.c:63:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->data + buf->end, dp, ts); data/frr-7.4/lib/ringbuf.c:68:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->data + buf->end, dp, tocopy); data/frr-7.4/lib/ringbuf.c:82:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, buf->data + buf->start, ts); data/frr-7.4/lib/ringbuf.c:87:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, buf->data + buf->start, tocopy); data/frr-7.4/lib/ringbuf.c:104:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, buf->data + cstart, ts); data/frr-7.4/lib/ringbuf.c:109:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, buf->data + cstart, tocopy); data/frr-7.4/lib/routemap.c:2397:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/lib/routemap.c:3135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN], pbuf[SU_ADDRSTRLEN]; data/frr-7.4/lib/routemap_cli.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_action[XPATH_MAXLEN + 64]; data/frr-7.4/lib/routemap_cli.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_index[XPATH_MAXLEN + 32]; data/frr-7.4/lib/routemap_cli.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN + 32]; data/frr-7.4/lib/routemap_cli.c:282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN + 32]; data/frr-7.4/lib/routemap_cli.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:415:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:449:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:484:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:520:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:585:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:709:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:744:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:783:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/routemap_cli.c:784:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/frr-7.4/lib/routemap_cli.c:838:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/lib/sha256.c:107:62: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static void SHA256_Transform(uint32_t *state, const unsigned char block[64]) data/frr-7.4/lib/sha256.c:120:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(S, state, 32); data/frr-7.4/lib/sha256.c:199:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char PAD[64] = { data/frr-7.4/lib/sha256.c:207:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char len[8]; data/frr-7.4/lib/sha256.c:264:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->buf[r], src, len); data/frr-7.4/lib/sha256.c:269:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->buf[r], src, 64 - r); data/frr-7.4/lib/sha256.c:282:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buf, src, len); data/frr-7.4/lib/sha256.c:289:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx) data/frr-7.4/lib/sha256.c:305:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pad[64]; data/frr-7.4/lib/sha256.c:306:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char khash[32]; data/frr-7.4/lib/sha256.c:346:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void HMAC__SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX *ctx) data/frr-7.4/lib/sha256.c:348:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ihash[32]; data/frr-7.4/lib/sha256.c:390:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX)); data/frr-7.4/lib/sha256.c:395:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(T, U, 32); data/frr-7.4/lib/sha256.c:412:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[i * 32], T, clen); data/frr-7.4/lib/sha256.h:39:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[64]; data/frr-7.4/lib/snmp.c:50:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy(dest, src, size * sizeof(oid)); data/frr-7.4/lib/snmp.c:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, fulloid, (v->namelen + 1) * sizeof(oid)); data/frr-7.4/lib/sockopt.c:265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1][INET_ADDRSTRLEN]; data/frr-7.4/lib/sockopt.c:307:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1][INET_ADDRSTRLEN]; data/frr-7.4/lib/sockopt.c:357:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/lib/sockopt.c:656:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&su2->sin6.sin6_addr.s6_addr32[3], data/frr-7.4/lib/sockopt.c:662:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&md5sig.tcpm_addr, su2, sizeof(*su2)); data/frr-7.4/lib/sockopt.c:666:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md5sig.tcpm_key, password, keylen); data/frr-7.4/lib/sockunion.c:112:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sin.sin_addr, ((char *)&su->sin6.sin6_addr) + 12, 4); data/frr-7.4/lib/sockunion.c:113:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(su, &sin, sizeof(struct sockaddr_in)); data/frr-7.4/lib/sockunion.c:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/lib/sockunion.c:188:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&su, peersu, sizeof(union sockunion)); data/frr-7.4/lib/sockunion.c:215:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SU_ADDRSTRLEN]; data/frr-7.4/lib/sockunion.c:275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/lib/sockunion.c:500:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&su->sin.sin_addr.s_addr, addr, bytes); data/frr-7.4/lib/sockunion.c:503:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&su->sin6.sin6_addr, addr, bytes); data/frr-7.4/lib/sockunion.c:517:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buffer[128]; data/frr-7.4/lib/sockunion.c:534:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(su, &name, sizeof(struct sockaddr_in)); data/frr-7.4/lib/sockunion.c:539:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(su, &name, sizeof(struct sockaddr_in6)); data/frr-7.4/lib/sockunion.c:555:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buffer[128]; data/frr-7.4/lib/sockunion.c:570:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(su, &name, sizeof(struct sockaddr_in)); data/frr-7.4/lib/sockunion.c:575:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(su, &name, sizeof(struct sockaddr_in6)); data/frr-7.4/lib/sockunion.c:593:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/lib/sockunion.c:656:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dup, su, sizeof(union sockunion)); data/frr-7.4/lib/spf_backoff.c:191:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char timebuf[256]; data/frr-7.4/lib/srcdest_table.c:290:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_buf[PREFIX_STRLEN], src_buf[PREFIX_STRLEN]; data/frr-7.4/lib/srv6.c:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN]; data/frr-7.4/lib/srv6.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b0[128]; data/frr-7.4/lib/srv6.h:116:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy(dst, src, sizeof(struct in6_addr)); data/frr-7.4/lib/stream.c:133:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, src->data, src->endp); data/frr-7.4/lib/stream.c:161:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, s1->data, offset); data/frr-7.4/lib/stream.c:162:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data + offset, s2->data, s2->endp); data/frr-7.4/lib/stream.c:163:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data + offset + s2->endp, s1->data + offset, data/frr-7.4/lib/stream.c:277:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, s->data + s->getp, size); data/frr-7.4/lib/stream.c:292:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, s->data + s->getp, size); data/frr-7.4/lib/stream.c:460:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, s->data + from, size); data/frr-7.4/lib/stream.c:579:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&l, s->data + s->getp, sizeof(uint32_t)); data/frr-7.4/lib/stream.c:626:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->data + s->endp, src, size); data/frr-7.4/lib/stream.c:829:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->data + s->endp, &l, sizeof(uint32_t)); data/frr-7.4/lib/stream.c:845:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->data + s->endp, addr, sizeof(uint32_t)); data/frr-7.4/lib/stream.c:862:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->data[putp], addr, 4); data/frr-7.4/lib/stream.c:877:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->data[putp], addr, 16); data/frr-7.4/lib/stream.c:910:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->data + s->endp, &p->u.prefix, psize); data/frr-7.4/lib/stream.c:951:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->data + s->endp, &p->u.prefix, psize); data/frr-7.4/lib/stream.c:1080:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->data + s->endp, ptr, size); data/frr-7.4/lib/strlcat.c:57:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, src, to_copy); data/frr-7.4/lib/strlcpy.c:50:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, destsize); data/frr-7.4/lib/strlcpy.c:55:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, src_length + 1); data/frr-7.4/lib/systemd.c:78:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). usec = atol(watchdog); data/frr-7.4/lib/systemd.c:125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/frr-7.4/lib/termtable.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortbuf[256]; data/frr-7.4/lib/termtable.c:372:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&right[1], newline, nl_len); data/frr-7.4/lib/termtable.c:374:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&right[0], newline, nl_len); data/frr-7.4/lib/termtable.c:381:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], left, lsize); data/frr-7.4/lib/termtable.c:387:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], right, rsize); data/frr-7.4/lib/termtable.c:396:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], left, lsize); data/frr-7.4/lib/termtable.c:412:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], right, rsize); data/frr-7.4/lib/termtable.c:416:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], left, lsize); data/frr-7.4/lib/termtable.c:455:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], right, rsize); data/frr-7.4/lib/termtable.c:460:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], left, lsize); data/frr-7.4/lib/termtable.c:476:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], right, rsize); data/frr-7.4/lib/termtable.c:484:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], left, lsize); data/frr-7.4/lib/termtable.c:490:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[pos], right, rsize); data/frr-7.4/lib/thread.c:181:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char underline[strlen(name) + 1]; data/frr-7.4/lib/thread.c:323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char underline[strlen(name) + 1]; data/frr-7.4/lib/thread.c:739:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char trash[64]; data/frr-7.4/lib/thread.c:1430:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m->handler.copy, m->handler.pfds, data/frr-7.4/lib/vector.c:60:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->index, v->index, size); data/frr-7.4/lib/vector.c:209:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*dest, v->index, sizeof(void *) * v->active); data/frr-7.4/lib/vrf.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char vrf_default_name[VRF_NAMSIZ] = VRF_DEFAULT_NAME_INTERNAL; data/frr-7.4/lib/vrf.c:617:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_list[XPATH_MAXLEN]; data/frr-7.4/lib/vrf.c:753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_list[XPATH_MAXLEN]; data/frr-7.4/lib/vrf.h:63:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netns_name[NS_NAMSIZ]; data/frr-7.4/lib/vrf.h:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[VRF_NAMSIZ + 1]; data/frr-7.4/lib/vty.c:97:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char vty_cwd[MAXPATHLEN]; data/frr-7.4/lib/vty.c:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/frr-7.4/lib/vty.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/frr-7.4/lib/vty.c:268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/frr-7.4/lib/vty.c:277:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ctl->buf, len = ctl->len); data/frr-7.4/lib/vty.c:322:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[QUAGGA_TIMESTAMP_LEN]; data/frr-7.4/lib/vty.c:341:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/frr-7.4/lib/vty.c:343:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(host.motdfile, "r"); data/frr-7.4/lib/vty.c:496:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vty_str[VTY_BUFSIZ]; data/frr-7.4/lib/vty.c:497:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt_str[VTY_BUFSIZ]; data/frr-7.4/lib/vty.c:624:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vty->buf[vty->cp], str, nwrite); data/frr-7.4/lib/vty.c:676:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vty->buf, vty->hist[vty->hp], length); data/frr-7.4/lib/vty.c:1002:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, p, pos); data/frr-7.4/lib/vty.c:1352:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[VTY_READ_BUFSIZ]; data/frr-7.4/lib/vty.c:1646:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/lib/vty.c:1805:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/lib/vty.c:1879:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_str[BUFSIZ]; data/frr-7.4/lib/vty.c:2083:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[VTY_READ_BUFSIZ]; data/frr-7.4/lib/vty.c:2369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/frr-7.4/lib/vty.c:2376:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sav = open(fullpath_sav, O_RDONLY); data/frr-7.4/lib/vty.c:2386:8: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). tmp = mkstemp(fullpath_tmp); data/frr-7.4/lib/vty.c:2401:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret = fopen(fullpath, "r"); data/frr-7.4/lib/vty.c:2422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[MAXPATHLEN]; data/frr-7.4/lib/vty.c:2445:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). confp = fopen(fullpath, "r"); data/frr-7.4/lib/vty.c:2496:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). confp = fopen(config_default_dir, "r"); data/frr-7.4/lib/vty.c:2554:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char crlf[4] = "\r\n"; data/frr-7.4/lib/vty.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_buf[VTY_BUFSIZ]; data/frr-7.4/lib/vty.h:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/vty.h:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *hist[VTY_MAXHIST]; data/frr-7.4/lib/vty.h:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[VTY_MAXDEPTH][XPATH_MAXLEN]; data/frr-7.4/lib/vty.h:164:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sb_buf[TELNET_NAWS_SB_LEN]; data/frr-7.4/lib/vty.h:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address[SU_ADDRSTRLEN]; data/frr-7.4/lib/vty.h:194:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame[1024]; data/frr-7.4/lib/yang.c:382:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang.c:404:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang.c:435:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang.c:460:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang.c:584:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang.h:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang.h:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[LIST_MAXKEYS][LIST_MAXKEYLEN]; data/frr-7.4/lib/yang_translator.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_from_canonical[XPATH_MAXLEN]; data/frr-7.4/lib/yang_translator.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_from_fmt[XPATH_MAXLEN]; data/frr-7.4/lib/yang_translator.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_to_fmt[XPATH_MAXLEN]; data/frr-7.4/lib/yang_translator.c:313:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_canonical[XPATH_MAXLEN]; data/frr-7.4/lib/yang_translator.c:314:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keys[4][LIST_MAXKEYLEN]; data/frr-7.4/lib/yang_translator.c:367:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_translator.c:423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_translator.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char family[32]; data/frr-7.4/lib/yang_wrappers.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:253:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:269:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:291:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:321:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:357:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:373:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:395:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:409:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:425:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:447:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:461:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:477:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:499:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:513:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:529:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:551:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:565:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:581:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:603:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:617:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:633:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:655:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[BUFSIZ]; data/frr-7.4/lib/yang_wrappers.c:669:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:685:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:715:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:737:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:748:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:759:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:772:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:807:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[PREFIX2STR_BUFFER]; data/frr-7.4/lib/yang_wrappers.c:821:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:843:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:866:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[INET_ADDRSTRLEN]; data/frr-7.4/lib/yang_wrappers.c:880:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:896:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:922:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[PREFIX2STR_BUFFER]; data/frr-7.4/lib/yang_wrappers.c:937:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:953:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:976:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[INET6_ADDRSTRLEN]; data/frr-7.4/lib/yang_wrappers.c:990:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:1006:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:1032:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[PREFIX2STR_BUFFER]; data/frr-7.4/lib/yang_wrappers.c:1047:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:1063:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:1086:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[sz]; data/frr-7.4/lib/yang_wrappers.c:1100:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:1116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/lib/yang_wrappers.c:1131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_str[ETHER_ADDR_STRLEN]; data/frr-7.4/lib/yang_wrappers.c:1145:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[MONOTIME_STRLEN]; data/frr-7.4/lib/zclient.c:1006:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/zclient.c:1029:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/zclient.c:1050:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/zclient.c:1073:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/lib/zclient.c:1718:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vrfname_tmp[VRF_NAMSIZ + 1] = {}; data/frr-7.4/lib/zclient.c:1736:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vrf->data.l.netns_name, data.l.netns_name, NS_NAMSIZ); data/frr-7.4/lib/zclient.c:1768:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname_tmp[INTERFACE_NAMSIZ + 1] = {}; data/frr-7.4/lib/zclient.c:1802:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname_tmp[INTERFACE_NAMSIZ + 1] = {}; data/frr-7.4/lib/zclient.c:2130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/lib/zclient.c:2232:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[INTERFACE_NAMSIZ + 1] = {}; data/frr-7.4/lib/zclient.h:501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/lib/zclient.h:514:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/lib/zebra.h:103:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define va_copy(DST,SRC) memcpy(&(DST), &(SRC), sizeof(va_list)) data/frr-7.4/lib/zlog.c:59:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEFINE_HOOK(zlog_init, (const char *progname, const char *protoname, data/frr-7.4/lib/zlog.c:59:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEFINE_HOOK(zlog_init, (const char *progname, const char *protoname, data/frr-7.4/lib/zlog.c:63:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. DEFINE_HOOK(zlog_aux_init, (const char *prefix, int prio_min), data/frr-7.4/lib/zlog.c:66:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zlog_prefix[128]; data/frr-7.4/lib/zlog.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ts_str[32], *ts_dot, ts_zonetail[8]; data/frr-7.4/lib/zlog.c:224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mmpath[MAXPATHLEN]; data/frr-7.4/lib/zlog.c:294:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mmpath[MAXPATHLEN]; data/frr-7.4/lib/zlog.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stackbuf[512]; data/frr-7.4/lib/zlog.c:576:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, msg->ts_str, len1); data/frr-7.4/lib/zlog.c:577:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out + len1, msg->ts_zonetail, len2); data/frr-7.4/lib/zlog.c:615:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char zlog_tmpdir[MAXPATHLEN]; data/frr-7.4/lib/zlog.c:663:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zlog_tmpdirfd = open(zlog_tmpdir, data/frr-7.4/lib/zlog.c:666:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zlog_tmpdirfd = open(zlog_tmpdir, data/frr-7.4/lib/zlog_targets.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ts_buf[TS_LEN * nmsgs], *ts_pos = ts_buf; data/frr-7.4/lib/zlog_targets.c:91:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. iov[iovpos].iov_len = ts_pos - (char *)iov[iovpos].iov_base; data/frr-7.4/lib/zlog_targets.c:96:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. iov[iovpos].iov_base = (char *)prionames[prio]; data/frr-7.4/lib/zlog_targets.c:137:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. iov[0].iov_base = (char *)prionames[LOG_CRIT]; data/frr-7.4/lib/zlog_targets.c:203:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(zcf->filename, data/frr-7.4/lib/zlog_targets.c:283:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(zcf->filename, data/frr-7.4/lib/zlog_targets.c:452:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hdr[192]; data/frr-7.4/lib/zlog_targets.c:475:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). syslog_fd = open(_PATH_LOG, O_WRONLY | O_NOCTTY); data/frr-7.4/nhrpd/linux.c:67:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lladdr.sll_addr, addr, addrlen); data/frr-7.4/nhrpd/linux.c:100:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, lladdr.sll_addr, lladdr.sll_halen); data/frr-7.4/nhrpd/linux.c:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[PATH_MAX]; data/frr-7.4/nhrpd/linux.c:136:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fname, O_WRONLY); data/frr-7.4/nhrpd/netlink_arp.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_cache.c:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_cache.c:252:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_cache.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_event.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], result[64] = ""; data/frr-7.4/nhrpd/nhrp_event.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, zbuf_pulln(&zl, len), len); data/frr-7.4/nhrpd/nhrp_interface.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_interface.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_interface.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_interface.c:356:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_nhs.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/frr-7.4/nhrpd/nhrp_nhs.c:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_nhs.c:151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[SU_ADDRSTRLEN], buf2[SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_peer.c:300:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][256]; data/frr-7.4/nhrpd/nhrp_peer.c:330:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_peer.c:505:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pay, zbuf_pulln(&p->payload, paylen), paylen); data/frr-7.4/nhrpd/nhrp_peer.c:632:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_peer.c:679:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_peer.c:698:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_peer.c:862:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_peer.c:903:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_route.c:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_route.c:192:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_route.c:240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_shortcut.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_shortcut.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_shortcut.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_shortcut.c:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_shortcut.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/nhrpd/nhrp_shortcut.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufp[PREFIX_STRLEN], buf[4][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vc.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vty.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/nhrpd/nhrp_vty.c:387:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/frr-7.4/nhrpd/nhrp_vty.c:404:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/frr-7.4/nhrpd/nhrp_vty.c:611:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vty.c:676:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vty.c:713:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN], buf2[SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vty.c:755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vty.c:891:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vty.c:1004:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrp_vty.c:1028:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/nhrpd.h:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[MAX_ID_LENGTH]; data/frr-7.4/nhrpd/vici.c:45:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, b->ptr, b->len); data/frr-7.4/nhrpd/vici.c:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sections[8]; data/frr-7.4/nhrpd/vici.c:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/frr-7.4/nhrpd/vici.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/frr-7.4/nhrpd/vici.c:295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/frr-7.4/nhrpd/vici.c:528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][SU_ADDRSTRLEN]; data/frr-7.4/nhrpd/zbuf.c:231:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, len); data/frr-7.4/nhrpd/zbuf.h:99:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, len); data/frr-7.4/nhrpd/zbuf.h:160:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, len); data/frr-7.4/nhrpd/znl.c:87:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, val, len); data/frr-7.4/ospf6d/ospf6_abr.c:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[OSPF6_MAX_LSASIZE]; data/frr-7.4/ospf6d/ospf6_abr.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_abr.c:507:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &route->prefix.u.prefix6, data/frr-7.4/ospf6d/ospf6_abr.c:801:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_abr.c:867:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[3] = {0, 0, 0}; data/frr-7.4/ospf6d/ospf6_abr.c:871:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_abr.c:878:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adv_router[16]; data/frr-7.4/ospf6d/ospf6_abr.c:1333:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&buf[strlen(buf)], "/%d", data/frr-7.4/ospf6d/ospf6_abr.c:1345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/ospf6d/ospf6_abr.c:1387:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/frr-7.4/ospf6d/ospf6_area.c:524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_area.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/frr-7.4/ospf6d/ospf6_asbr.c:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[OSPF6_MAX_LSASIZE]; data/frr-7.4/ospf6d/ospf6_asbr.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_asbr.c:112:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &route->prefix.u.prefix6, data/frr-7.4/ospf6d/ospf6_asbr.c:119:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &info->forwarding, sizeof(struct in6_addr)); data/frr-7.4/ospf6d/ospf6_asbr.c:127:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &network_order, sizeof(network_order)); data/frr-7.4/ospf6d/ospf6_asbr.c:211:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_asbr.c:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_asbr.c:508:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->path.ls_prefix, &asbr_id, sizeof(struct prefix)); data/frr-7.4/ospf6d/ospf6_asbr.c:562:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_asbr.c:825:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/frr-7.4/ospf6d/ospf6_asbr.c:1025:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[PREFIX2STR_BUFFER], ibuf[16]; data/frr-7.4/ospf6d/ospf6_asbr.c:1079:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&info->forwarding, &tinfo.forwarding, data/frr-7.4/ospf6d/ospf6_asbr.c:1118:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->prefix, prefix, sizeof(struct prefix)); data/frr-7.4/ospf6d/ospf6_asbr.c:1132:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&info->forwarding, &tinfo.forwarding, data/frr-7.4/ospf6d/ospf6_asbr.c:1179:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[PREFIX2STR_BUFFER], ibuf[16]; data/frr-7.4/ospf6d/ospf6_asbr.c:1507:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). route->path.cost = atoi(metric); data/frr-7.4/ospf6d/ospf6_asbr.c:1753:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&buf[strlen(buf)], "/%d", data/frr-7.4/ospf6d/ospf6_asbr.c:1763:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/frr-7.4/ospf6d/ospf6_asbr.c:1812:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[PREFIX2STR_BUFFER], id[16], forwarding[64]; data/frr-7.4/ospf6d/ospf6_bfd.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[64]; data/frr-7.4/ospf6d/ospf6_bfd.c:151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[64]; data/frr-7.4/ospf6d/ospf6_bfd.c:195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[64]; data/frr-7.4/ospf6d/ospf6_bfd.c:208:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_interface.c:438:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_interface.c:454:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->prefix, c->address, sizeof(struct prefix)); data/frr-7.4/ospf6d/ospf6_interface.c:904:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[PREFIX2STR_BUFFER], drouter[32], bdrouter[32]; data/frr-7.4/ospf6d/ospf6_interface.c:907:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char duration[32]; data/frr-7.4/ospf6d/ospf6_intra.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET_ADDRSTRLEN], buf2[INET_ADDRSTRLEN]; data/frr-7.4/ospf6d/ospf6_intra.c:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32], name[32], bits[16], options[32]; data/frr-7.4/ospf6d/ospf6_intra.c:148:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(router_lsa->options, oa->options, 3); data/frr-7.4/ospf6d/ospf6_intra.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[OSPF6_MAX_LSASIZE]; data/frr-7.4/ospf6d/ospf6_intra.c:429:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128], options[32]; data/frr-7.4/ospf6d/ospf6_intra.c:454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[OSPF6_MAX_LSASIZE]; data/frr-7.4/ospf6d/ospf6_intra.c:618:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6, OSPF6_PREFIX_BODY(prefix), data/frr-7.4/ospf6d/ospf6_intra.c:634:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128], options[32]; data/frr-7.4/ospf6d/ospf6_intra.c:676:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6, OSPF6_PREFIX_BODY(prefix), data/frr-7.4/ospf6d/ospf6_intra.c:690:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[OSPF6_MAX_LSASIZE]; data/frr-7.4/ospf6d/ospf6_intra.c:737:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(link_lsa->options, oi->area->options, 3); data/frr-7.4/ospf6d/ospf6_intra.c:738:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&link_lsa->linklocal_addr, oi->linklocal_addr, data/frr-7.4/ospf6d/ospf6_intra.c:751:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(OSPF6_PREFIX_BODY(op), &route->prefix.u.prefix6, data/frr-7.4/ospf6d/ospf6_intra.c:820:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6, OSPF6_PREFIX_BODY(prefix), data/frr-7.4/ospf6d/ospf6_intra.c:824:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&buf[strlen(buf)], "/%d", data/frr-7.4/ospf6d/ospf6_intra.c:838:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/frr-7.4/ospf6d/ospf6_intra.c:840:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[16], adv_router[16]; data/frr-7.4/ospf6d/ospf6_intra.c:884:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&in6, OSPF6_PREFIX_BODY(prefix), data/frr-7.4/ospf6d/ospf6_intra.c:898:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[OSPF6_MAX_LSASIZE]; data/frr-7.4/ospf6d/ospf6_intra.c:910:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_intra.c:1087:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(OSPF6_PREFIX_BODY(op), &route->prefix.u.prefix6, data/frr-7.4/ospf6d/ospf6_intra.c:1132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[OSPF6_MAX_LSASIZE]; data/frr-7.4/ospf6d/ospf6_intra.c:1147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_intra.c:1245:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->prefix.u.prefix6, OSPF6_PREFIX_BODY(op), data/frr-7.4/ospf6d/ospf6_intra.c:1279:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(OSPF6_PREFIX_BODY(op), &route->prefix.u.prefix6, data/frr-7.4/ospf6d/ospf6_intra.c:1369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_intra.c:1634:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_intra.c:1720:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->path.ls_prefix, &ls_prefix, data/frr-7.4/ospf6d/ospf6_intra.c:1774:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_intra.c:1863:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_intra.c:1998:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brouter_name[16]; data/frr-7.4/ospf6d/ospf6_intra.c:1999:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char area_name[16]; data/frr-7.4/ospf6d/ospf6_intra.c:2000:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char destination[64]; data/frr-7.4/ospf6d/ospf6_intra.c:2001:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char installed[64], changed[64]; data/frr-7.4/ospf6d/ospf6_intra.c:2003:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[16], adv_router[16]; data/frr-7.4/ospf6d/ospf6_intra.c:2004:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char capa[16], options[16]; data/frr-7.4/ospf6d/ospf6_intra.c:2056:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brouter_name[16]; data/frr-7.4/ospf6d/ospf6_intra.c:2367:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/frr-7.4/ospf6d/ospf6_lsa.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char byte[4]; data/frr-7.4/ospf6d/ospf6_lsa.c:105:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[8]; data/frr-7.4/ospf6d/ospf6_lsa.c:118:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[8]; data/frr-7.4/ospf6d/ospf6_lsa.c:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[16], adv_router[16]; data/frr-7.4/ospf6d/ospf6_lsa.c:352:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[16], adv_router[16]; data/frr-7.4/ospf6d/ospf6_lsa.c:376:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adv_router[16], id[16]; data/frr-7.4/ospf6d/ospf6_lsa.c:379:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], tmpbuf[80]; data/frr-7.4/ospf6d/ospf6_lsa.c:421:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char byte[4]; data/frr-7.4/ospf6d/ospf6_lsa.c:445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adv_router[64], id[64]; data/frr-7.4/ospf6d/ospf6_lsa.c:473:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adv_router[64], id[64]; data/frr-7.4/ospf6d/ospf6_lsa.c:476:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char duration[64]; data/frr-7.4/ospf6d/ospf6_lsa.c:524:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_header, header, lsa_size); data/frr-7.4/ospf6d/ospf6_lsa.c:551:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_header, header, sizeof(struct ospf6_lsa_header)); data/frr-7.4/ospf6d/ospf6_lsa.c:784:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/frr-7.4/ospf6d/ospf6_lsa.h:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; /* dump string */ data/frr-7.4/ospf6d/ospf6_lsa.h:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; \ data/frr-7.4/ospf6d/ospf6_lsa.h:168:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; \ data/frr-7.4/ospf6d/ospf6_lsa.h:177:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; \ data/frr-7.4/ospf6d/ospf6_lsa.h:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; \ data/frr-7.4/ospf6d/ospf6_lsa.h:195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; \ data/frr-7.4/ospf6d/ospf6_lsdb.c:63:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((caddr_t)&key->prefix + key->prefixlen / 8, (caddr_t)value, len); data/frr-7.4/ospf6d/ospf6_lsdb.c:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_message.c:52:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char conf_debug_ospf6_message[6] = {0x03, 0, 0, 0, 0, 0}; data/frr-7.4/ospf6d/ospf6_message.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char router_id[16], area_id[16]; data/frr-7.4/ospf6d/ospf6_message.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[16]; data/frr-7.4/ospf6d/ospf6_message.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drouter[16], bdrouter[16], neighbor[16]; data/frr-7.4/ospf6d/ospf6_message.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[16]; data/frr-7.4/ospf6d/ospf6_message.c:165:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[16], adv_router[16]; data/frr-7.4/ospf6d/ospf6_message.c:272:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&on->linklocal_addr, src, sizeof(struct in6_addr)); data/frr-7.4/ospf6d/ospf6_message.c:544:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&on->dbdesc_last, dbdesc, sizeof(struct ospf6_dbdesc)); data/frr-7.4/ospf6d/ospf6_message.c:746:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&on->dbdesc_last, dbdesc, sizeof(struct ospf6_dbdesc)); data/frr-7.4/ospf6d/ospf6_message.c:847:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[16], adv_router[16]; data/frr-7.4/ospf6d/ospf6_message.c:1312:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET_ADDRSTRLEN]; data/frr-7.4/ospf6d/ospf6_message.c:1529:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcname[64], dstname[64]; data/frr-7.4/ospf6d/ospf6_message.c:1643:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcname[64], dstname[64]; data/frr-7.4/ospf6d/ospf6_message.c:1768:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &on->router_id, sizeof(uint32_t)); data/frr-7.4/ospf6d/ospf6_message.c:1838:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lsa->header, sizeof(struct ospf6_lsa_header)); data/frr-7.4/ospf6d/ospf6_message.c:2073:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lsa->header, OSPF6_LSA_SIZE(lsa->header)); data/frr-7.4/ospf6d/ospf6_message.c:2133:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lsa->header, OSPF6_LSA_SIZE(lsa->header)); data/frr-7.4/ospf6d/ospf6_message.c:2179:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lsa->header, OSPF6_LSA_SIZE(lsa->header)); data/frr-7.4/ospf6d/ospf6_message.c:2263:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lsa->header, OSPF6_LSA_SIZE(lsa->header)); data/frr-7.4/ospf6d/ospf6_message.c:2344:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lsa->header, sizeof(struct ospf6_lsa_header)); data/frr-7.4/ospf6d/ospf6_message.c:2416:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lsa->header, sizeof(struct ospf6_lsa_header)); data/frr-7.4/ospf6d/ospf6_neighbor.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/frr-7.4/ospf6d/ospf6_neighbor.c:615:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char router_id[16]; data/frr-7.4/ospf6d/ospf6_neighbor.c:616:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char duration[64]; data/frr-7.4/ospf6d/ospf6_neighbor.c:618:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nstate[16]; data/frr-7.4/ospf6d/ospf6_neighbor.c:619:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deadtime[64]; data/frr-7.4/ospf6d/ospf6_neighbor.c:672:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char router_id[16]; data/frr-7.4/ospf6d/ospf6_neighbor.c:673:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drouter[16], bdrouter[16]; data/frr-7.4/ospf6d/ospf6_neighbor.c:674:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char duration[64]; data/frr-7.4/ospf6d/ospf6_neighbor.c:700:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drouter[16], bdrouter[16]; data/frr-7.4/ospf6d/ospf6_neighbor.c:701:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linklocal_addr[64], duration[32]; data/frr-7.4/ospf6d/ospf6_neighbor.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[36]; data/frr-7.4/ospf6d/ospf6_neighbor.h:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[3]; data/frr-7.4/ospf6d/ospf6_network.c:124:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mreq6.ipv6mr_multiaddr, group, sizeof(struct in6_addr)); data/frr-7.4/ospf6d/ospf6_network.c:183:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pktinfo->ipi6_addr, src, sizeof(struct in6_addr)); data/frr-7.4/ospf6d/ospf6_network.c:192:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dst_sin6.sin6_addr, dst, sizeof(struct in6_addr)); data/frr-7.4/ospf6d/ospf6_network.c:255:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src, &src_sin6.sin6_addr, sizeof(struct in6_addr)); data/frr-7.4/ospf6d/ospf6_network.c:261:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &pktinfo->ipi6_addr, sizeof(struct in6_addr)); data/frr-7.4/ospf6d/ospf6_proto.c:33:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in6, (uint8_t *)prefix_buf + in6_off, data/frr-7.4/ospf6d/ospf6_route.c:45:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[64]; data/frr-7.4/ospf6d/ospf6_route.c:131:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix->u.prefix6.s6_addr[0], &adv_router, 4); data/frr-7.4/ospf6d/ospf6_route.c:132:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix->u.prefix6.s6_addr[4], &id, 4); data/frr-7.4/ospf6d/ospf6_route.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adv_router_str[16], id_str[16]; data/frr-7.4/ospf6d/ospf6_route.c:139:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&adv_router, &prefix->u.prefix6.s6_addr[0], 4); data/frr-7.4/ospf6d/ospf6_route.c:140:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&id, &prefix->u.prefix6.s6_addr[4], 4); data/frr-7.4/ospf6d/ospf6_route.c:150:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *const ospf6_dest_type_str[OSPF6_DEST_TYPE_MAX] = { data/frr-7.4/ospf6d/ospf6_route.c:154:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *const ospf6_dest_type_substr[OSPF6_DEST_TYPE_MAX] = { data/frr-7.4/ospf6d/ospf6_route.c:158:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *const ospf6_path_type_str[OSPF6_PATH_TYPE_MAX] = { data/frr-7.4/ospf6d/ospf6_route.c:162:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *const ospf6_path_type_substr[OSPF6_PATH_TYPE_MAX] = { data/frr-7.4/ospf6d/ospf6_route.c:280:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nh_match.address, addr, data/frr-7.4/ospf6d/ospf6_route.c:299:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/frr-7.4/ospf6d/ospf6_route.c:377:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, path, sizeof(struct ospf6_path)); data/frr-7.4/ospf6d/ospf6_route.c:429:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new->prefix, &route->prefix, sizeof(struct prefix)); data/frr-7.4/ospf6d/ospf6_route.c:553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_route.c:601:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_route.c:836:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_route.c:1038:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char destination[PREFIX2STR_BUFFER], nexthop[64]; data/frr-7.4/ospf6d/ospf6_route.c:1039:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char duration[64]; data/frr-7.4/ospf6d/ospf6_route.c:1082:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char destination[PREFIX2STR_BUFFER], nexthop[64]; data/frr-7.4/ospf6d/ospf6_route.c:1083:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char area_id[16], id[16], adv_router[16], capa[16], options[16]; data/frr-7.4/ospf6d/ospf6_route.c:1085:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char duration[64]; data/frr-7.4/ospf6d/ospf6_route.c:1400:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char routername[16], idname[16], rbits[16], options[16]; data/frr-7.4/ospf6d/ospf6_route.c:1526:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adv[16], rbits[16], options[16], area[16]; data/frr-7.4/ospf6d/ospf6_route.h:61:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(a)->address, &(b)->address, sizeof(struct in6_addr)); \ data/frr-7.4/ospf6d/ospf6_route.h:218:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *const ospf6_dest_type_str[OSPF6_DEST_TYPE_MAX]; data/frr-7.4/ospf6d/ospf6_route.h:219:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *const ospf6_dest_type_substr[OSPF6_DEST_TYPE_MAX]; data/frr-7.4/ospf6d/ospf6_route.h:227:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *const ospf6_path_type_str[OSPF6_PATH_TYPE_MAX]; data/frr-7.4/ospf6d/ospf6_route.h:228:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *const ospf6_path_type_substr[OSPF6_PATH_TYPE_MAX]; data/frr-7.4/ospf6d/ospf6_snmp.c:742:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a[16]; data/frr-7.4/ospf6d/ospf6_spf.c:195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ibuf[16], abuf[16]; data/frr-7.4/ospf6d/ospf6_spf.c:270:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/frr-7.4/ospf6d/ospf6_spf.c:323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_spf.c:375:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&route->prefix, &v->vertex_id, sizeof(struct prefix)); data/frr-7.4/ospf6d/ospf6_spf.c:570:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, *end, buffer[256]; data/frr-7.4/ospf6d/ospf6_spf.c:599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[32]; data/frr-7.4/ospf6d/ospf6_spf.c:684:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[32]; data/frr-7.4/ospf6d/ospf6_spf.c:967:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifbuf[16]; data/frr-7.4/ospf6d/ospf6_spf.c:1031:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_header, lsa_header, ntohs(lsa_header->length)); data/frr-7.4/ospf6d/ospf6_spf.c:1061:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_header, (OSPF6_LSA_HEADER_END(rtr_lsa->header) + 4), data/frr-7.4/ospf6d/ospf6_spf.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/frr-7.4/ospf6d/ospf6_top.c:108:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brouter_name[16]; data/frr-7.4/ospf6d/ospf6_top.c:128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brouter_name[16]; data/frr-7.4/ospf6d/ospf6_top.c:536:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). o->distance_all = atoi(argv[1]->arg); data/frr-7.4/ospf6d/ospf6_top.c:575:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). o->distance_intra = atoi(argv[idx + 1]->arg); data/frr-7.4/ospf6d/ospf6_top.c:578:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). o->distance_inter = atoi(argv[idx + 1]->arg); data/frr-7.4/ospf6d/ospf6_top.c:581:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). o->distance_external = atoi(argv[idx + 1]->arg); data/frr-7.4/ospf6d/ospf6_top.c:861:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char router_id[16], duration[32]; data/frr-7.4/ospf6d/ospf6_top.c:863:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32], rbuf[32]; data/frr-7.4/ospf6d/ospf6_top.c:1052:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/ospf6d/ospf6_top.c:1066:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char router_id[16]; data/frr-7.4/ospf6d/ospf6_zebra.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/ospf6d/ospf6_zebra.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/frr-7.4/ospf6d/ospf6_zebra.c:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/frr-7.4/ospf6d/ospf6_zebra.c:173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefixstr[PREFIX2STR_BUFFER], nexthopstr[128]; data/frr-7.4/ospf6d/ospf6_zebra.c:228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospf6d/ospf6_zebra.c:328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/ospf6d/ospf6_zebra.c:361:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/ospf6d/ospf6_zebra.c:417:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distance = atoi(distance_str); data/frr-7.4/ospfclient/ospf_apiclient.c:235:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&myaddr_sync.sin_addr, hp->h_addr, hp->h_length); data/frr-7.4/ospfclient/ospf_apiclient.c:459:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((uint8_t *)lsah) + sizeof(struct lsa_header), opaquedata, data/frr-7.4/ospfclient/ospf_apiclient.c:575:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsa, &(cn->data), lsalen); data/frr-7.4/ospfclient/ospf_apiclient.c:600:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsa, &(cn->data), lsalen); data/frr-7.4/ospfclient/ospfclient.c:100:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(args[2]), /* lsa type */ data/frr-7.4/ospfclient/ospfclient.c:101:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(args[3]), /* opaque type */ data/frr-7.4/ospfclient/ospfclient.c:102:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(args[4])); /* opaque ID */ data/frr-7.4/ospfclient/ospfclient.c:134:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lsa_type = atoi(args[2]); data/frr-7.4/ospfclient/ospfclient.c:135:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). opaque_type = atoi(args[3]); data/frr-7.4/ospfclient/ospfclient.c:136:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). opaque_id = atoi(args[4]); data/frr-7.4/ospfclient/ospfclient.c:328:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ospf_apiclient_register_opaque_type(oclient, atoi(args[2]), data/frr-7.4/ospfclient/ospfclient.c:329:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(args[3])); data/frr-7.4/ospfd/ospf_abr.c:601:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(header->metric, mp, 3); data/frr-7.4/ospfd/ospf_abr.c:744:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_abr.c:767:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_abr.c:1136:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_api.c:421:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &msg->hdr, sizeof(struct apimsghdr)); data/frr-7.4/ospfd/ospf_api.c:422:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + sizeof(struct apimsghdr), STREAM_DATA(msg->s), data/frr-7.4/ospfd/ospf_api.c:501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[OSPF_API_MAX_MSG_SIZE]; data/frr-7.4/ospfd/ospf_api.c:513:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(omsg_data, data, omsglen); data/frr-7.4/ospfd/ospf_api.c:638:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nmsg_data, data, len); data/frr-7.4/ospfd/ospf_apiserver.c:1184:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(apiserv->filter, &rmsg->filter, ntohs(msg->hdr.msglen)); data/frr-7.4/ospfd/ospf_apiserver.c:1438:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, newlsa, length); data/frr-7.4/ospfd/ospf_asbr.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inetbuf[INET6_BUFSIZ]; data/frr-7.4/ospfd/ospf_ase.c:291:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_bfd.c:221:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_dump.c:78:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[OSPF_AREA_STRING_MAXLEN] = ""; data/frr-7.4/ospfd/ospf_dump.c:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[OSPF_AREA_DESC_STRING_MAXLEN] = ""; data/frr-7.4/ospfd/ospf_dump.c:119:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[OSPF_IF_STRING_MAXLEN] = ""; data/frr-7.4/ospfd/ospf_dump.c:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/ospfd/ospf_dump.c:376:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dd_flags[8]; data/frr-7.4/ospfd/ospf_dump.c:505:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[9]; data/frr-7.4/ospfd/ospf_dump.c:1663:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[16]; data/frr-7.4/ospfd/ospf_dump_api.c:106:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[OSPF_OPTION_STR_MAXLEN]; data/frr-7.4/ospfd/ospf_ext.c:983:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_ext.c:1045:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_ext.c:1090:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char area_id[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_ext.c:1142:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char area_id[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_flood.c:795:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, OSPF_LSA_HEADER_SIZE); data/frr-7.4/ospfd/ospf_interface.c:831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[INTERFACE_NAMSIZ]; data/frr-7.4/ospfd/ospf_lsa.c:191:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, lsa, sizeof(struct ospf_lsa)); data/frr-7.4/ospfd/ospf_lsa.c:274:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, lsah, ntohs(lsah->length)); data/frr-7.4/ospfd/ospf_lsa.c:294:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[sizeof("Type255,id(255.255.255.255),ar(255.255.255.255)")+1]; data/frr-7.4/ospfd/ospf_lsa.c:298:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[INET_ADDRSTRLEN], ar[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_lsa.c:807:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_lsa.c:1019:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_lsa.c:1198:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_lsa.c:1339:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_lsa.c:1639:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_lsa.c:2691:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char area_str[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_main.c:170:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ospfd_di.instance = instance = atoi(optarg); data/frr-7.4/ospfd/ospf_neighbor.c:426:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nbr->address, p, sizeof(struct prefix)); data/frr-7.4/ospfd/ospf_neighbor.c:482:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nbr->address, p, sizeof(struct prefix)); data/frr-7.4/ospfd/ospf_packet.c:314:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[OSPF_AUTH_MD5_SIZE]; data/frr-7.4/ospfd/ospf_packet.c:379:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[OSPF_AUTH_MD5_SIZE] = {0}; data/frr-7.4/ospfd/ospf_packet.c:653:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cmsgbuf[64] = {}; data/frr-7.4/ospfd/ospf_packet.c:1793:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lsa->data, lsah, length); data/frr-7.4/ospfd/ospf_packet.c:1888:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:1889:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:1890:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:1946:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:1947:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:1948:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:2305:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[CMSG_SPACE(SOPT_SIZE_CMSG_IFINDEX_IPV4())]; data/frr-7.4/ospfd/ospf_packet.c:3047:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3][INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:3099:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_packet.c:3263:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ospfh->u.auth_data, OSPF_IF_PARAM(oi, auth_simple), data/frr-7.4/ospfd/ospf_packet.c:4349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ping_nbr[OSPF_PING_NBR_STR_MAX]; data/frr-7.4/ospfd/ospf_ri.c:782:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_route.c:76:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, path, sizeof(struct ospf_path)); data/frr-7.4/ospfd/ospf_snmp.c:2454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[16]; data/frr-7.4/ospfd/ospf_spf.c:251:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ]; data/frr-7.4/ospfd/ospf_spf.c:447:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_spf.c:506:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ]; data/frr-7.4/ospfd/ospf_spf.c:507:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/ospfd/ospf_spf.c:1115:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ]; data/frr-7.4/ospfd/ospf_spf.c:1116:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/ospfd/ospf_spf.c:1291:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[32]; /* reason_buf */ data/frr-7.4/ospfd/ospf_sr.c:993:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new, &srp->nhlfe, sizeof(struct sr_nhlfe)); data/frr-7.4/ospfd/ospf_sr.c:1019:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new, &srp->nhlfe, sizeof(struct sr_nhlfe)); data/frr-7.4/ospfd/ospf_sr.c:1506:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&old, &srp->nhlfe, sizeof(struct sr_nhlfe)); data/frr-7.4/ospfd/ospf_sr.c:2071:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref[19]; data/frr-7.4/ospfd/ospf_sr.c:2072:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sid[22]; data/frr-7.4/ospfd/ospf_sr.c:2073:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[8]; data/frr-7.4/ospfd/ospf_sr.c:2095:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2]; data/frr-7.4/ospfd/ospf_te.c:1208:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new->data, lsah, length); data/frr-7.4/ospfd/ospf_te.c:1246:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char area_id[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_vty.c:481:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vty_out(vty, "interface %s not found.\n", (char *)argv[1]->arg); data/frr-7.4/ospfd/ospf_vty.c:554:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. vty_out(vty, "interface %s not found.\n", (char *)argv[2]->arg); data/frr-7.4/ospfd/ospf_vty.c:1115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auth_key[OSPF_AUTH_SIMPLE_SIZE + 1]; data/frr-7.4/ospfd/ospf_vty.c:1116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5_key[OSPF_AUTH_MD5_SIZE + 1]; data/frr-7.4/ospfd/ospf_vty.c:1193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auth_key[OSPF_AUTH_SIMPLE_SIZE + 1]; data/frr-7.4/ospfd/ospf_vty.c:2779:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[OSPF_TIME_DUMP_SIZE]; data/frr-7.4/ospfd/ospf_vty.c:2957:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[OSPF_TIME_DUMP_SIZE]; data/frr-7.4/ospfd/ospf_vty.c:3660:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[OSPF_TIME_DUMP_SIZE]; data/frr-7.4/ospfd/ospf_vty.c:4179:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[16]; data/frr-7.4/ospfd/ospf_vty.c:4180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[OSPF_TIME_DUMP_SIZE]; data/frr-7.4/ospfd/ospf_vty.c:4192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_vty.c:4820:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[OSPF_TIME_DUMP_SIZE]; data/frr-7.4/ospfd/ospf_vty.c:4901:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[OSPF_TIME_DUMP_SIZE]; data/frr-7.4/ospfd/ospf_vty.c:4903:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_str[INET_ADDRSTRLEN] = {0}; data/frr-7.4/ospfd/ospf_vty.c:8558:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ospf->distance_all = atoi(argv[idx_number]->arg); data/frr-7.4/ospfd/ospf_vty.c:8623:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ospf->distance_intra = atoi(argv[idx + 1]->arg); data/frr-7.4/ospfd/ospf_vty.c:8626:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ospf->distance_inter = atoi(argv[idx + 1]->arg); data/frr-7.4/ospfd/ospf_vty.c:8629:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ospf->distance_external = atoi(argv[idx + 1]->arg); data/frr-7.4/ospfd/ospf_vty.c:8975:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_vty.c:9265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[19]; data/frr-7.4/ospfd/ospf_vty.c:9933:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_vty.c:10001:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_vty.c:10030:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_vty.c:10162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_zebra.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:85:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:225:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/ospfd/ospf_zebra.c:277:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET_ADDRSTRLEN]; data/frr-7.4/ospfd/ospf_zebra.c:305:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/ospfd/ospf_zebra.c:308:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:325:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/ospfd/ospf_zebra.c:331:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:346:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/ospfd/ospf_zebra.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:717:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:740:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/ospfd/ospf_zebra.c:819:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; data/frr-7.4/ospfd/ospf_zebra.c:1215:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distance = atoi(distance_str); data/frr-7.4/pbrd/pbr_map.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PBR_MAP_NAMELEN]; data/frr-7.4/pbrd/pbr_map.h:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vrf_name[VRF_NAMSIZ + 1]; data/frr-7.4/pbrd/pbr_nht.c:234:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debugstr[256]; data/frr-7.4/pbrd/pbr_nht.c:282:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debugstr[256]; data/frr-7.4/pbrd/pbr_nht.c:521:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PBR_NHC_NAMELEN]; data/frr-7.4/pbrd/pbr_nht.c:530:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nh, nhop, sizeof(*nh)); data/frr-7.4/pbrd/pbr_nht.c:802:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pbrd/pbr_nht.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PBR_NHC_NAMELEN]; data/frr-7.4/pbrd/pbr_vty.c:49:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t seqno = atoi(argv[3]->arg); data/frr-7.4/pbrd/pbr_vty.c:72:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seqno = atoi(argv[4]->arg); data/frr-7.4/pbrd/pbr_vty.c:527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pbrd/pbr_vty.c:528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[64]; data/frr-7.4/pbrd/pbr_vty.c:781:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[PREFIX_STRLEN]; data/frr-7.4/pbrd/pbr_zebra.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pbrd/pbr_zebra.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pbrd/pbr_zebra.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pbrd/pbr_zebra.c:261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pbrd/pbr_zebra.c:288:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api_nh->gate.ipv6, &nhop->gate.ipv6, 16); data/frr-7.4/pbrd/pbr_zebra.c:292:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api_nh->gate.ipv6, &nhop->gate.ipv6, 16); data/frr-7.4/pbrd/pbr_zebra.c:399:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pbrd/pbr_zebra.c:468:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix6, &nhop->gate.ipv6, 16); data/frr-7.4/pbrd/pbr_zebra.h:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapname[100]; data/frr-7.4/pimd/mtracebis.c:83:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[80]; data/frr-7.4/pimd/mtracebis.c:128:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[80]; data/frr-7.4/pimd/mtracebis.c:252:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/mtracebis.c:253:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/mtracebis.c:254:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/mtracebis.c:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtrace_buf[IP_AND_MTRACE_BUF_LEN]; data/frr-7.4/pimd/mtracebis.c:336:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtracer, mtrace, mtrace_len); data/frr-7.4/pimd/mtracebis.c:397:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/pimd/mtracebis.c:398:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbuf[MTRACE_BUF_LEN]; data/frr-7.4/pimd/mtracebis_netlink.c:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resp[1024]; data/frr-7.4/pimd/mtracebis_netlink.c:197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16384]; data/frr-7.4/pimd/mtracebis_netlink.c:308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16384]; data/frr-7.4/pimd/mtracebis_netlink.c:390:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(answer, h, data/frr-7.4/pimd/mtracebis_netlink.c:399:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(answer, h, h->nlmsg_len); data/frr-7.4/pimd/mtracebis_netlink.c:431:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/frr-7.4/pimd/mtracebis_netlink.c:497:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/frr-7.4/pimd/mtracebis_netlink.c:565:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RTA_DATA(rta), &data, 4); data/frr-7.4/pimd/mtracebis_netlink.c:587:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RTA_DATA(rta), data, alen); data/frr-7.4/pimd/mtracebis_netlink.c:604:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NLMSG_TAIL(n), data, len); data/frr-7.4/pimd/mtracebis_netlink.c:657:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RTA_DATA(subrta), &data, 4); data/frr-7.4/pimd/mtracebis_netlink.c:677:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RTA_DATA(subrta), data, alen); data/frr-7.4/pimd/mtracebis_routeget.c:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/frr-7.4/pimd/pim_assert.c:66:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char was_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:67:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char winner_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:95:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:238:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:252:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:289:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:290:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:376:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_assert.c:390:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bfd.c:125:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bfd.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/frr-7.4/pimd/pim_bfd.c:248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_bfd.c:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bfd.c:322:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bsm.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_bsm.c:382:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[48]; data/frr-7.4/pimd/pim_bsm.c:407:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[48]; data/frr-7.4/pimd/pim_bsm.c:582:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bsr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bsm.c:620:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_bsm.c:731:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt, buf, PIM_BSM_HDR_LEN); data/frr-7.4/pimd/pim_bsm.c:764:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt, buf, PIM_BSM_GRP_LEN); data/frr-7.4/pimd/pim_bsm.c:799:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt, buf, copy_byte_count); data/frr-7.4/pimd/pim_bsm.c:835:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pkt, (uint8_t *)grpinfo, data/frr-7.4/pimd/pim_bsm.c:917:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bsm.c:1058:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bsm_rpinfo->rp_address, &rp->rpaddr.addr, data/frr-7.4/pimd/pim_bsm.c:1127:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&grpinfo, buf, sizeof(struct bsmmsg_grpinfo)); data/frr-7.4/pimd/pim_bsm.c:1130:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bsm.c:1145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bsm.c:1204:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rpinfo, buf, sizeof(struct bsmmsg_rpinfo)); data/frr-7.4/pimd/pim_bsm.c:1210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bsm.c:1248:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bsr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_bsm.c:1417:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bsminfo->bsm, buf, buf_size); data/frr-7.4/pimd/pim_cmd.c:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char winner_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timer[10]; data/frr-7.4/pimd/pim_cmd.c:246:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:247:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:292:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:293:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:294:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:337:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:339:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref_str[16]; data/frr-7.4/pimd/pim_cmd.c:343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char metr_str[16]; data/frr-7.4/pimd/pim_cmd.c:426:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:427:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:595:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:596:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_hhmmss[10]; data/frr-7.4/pimd/pim_cmd.c:659:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:660:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_hhmmss[10]; data/frr-7.4/pimd/pim_cmd.c:661:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char other_hhmmss[10]; data/frr-7.4/pimd/pim_cmd.c:884:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pri_addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:900:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:901:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:902:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:930:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:931:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dr_uptime[10]; data/frr-7.4/pimd/pim_cmd.c:932:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expire[10]; data/frr-7.4/pimd/pim_cmd.c:933:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:934:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hello_period[10]; data/frr-7.4/pimd/pim_cmd.c:935:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hello_timer[10]; data/frr-7.4/pimd/pim_cmd.c:936:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:937:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:938:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stat_uptime[10]; data/frr-7.4/pimd/pim_cmd.c:939:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:988:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_cmd.c:1167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_cmd.c:1679:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:1680:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:1685:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:1686:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expire[10]; data/frr-7.4/pimd/pim_cmd.c:1687:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prune[10]; data/frr-7.4/pimd/pim_cmd.c:1798:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:1799:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expire[10]; data/frr-7.4/pimd/pim_cmd.c:1800:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2015:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2016:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2017:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_ifname[INTERFACE_NAMSIZ + 1]; data/frr-7.4/pimd/pim_cmd.c:2018:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_ifname[INTERFACE_NAMSIZ + 1]; data/frr-7.4/pimd/pim_cmd.c:2116:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oif_uptime[10]; data/frr-7.4/pimd/pim_cmd.c:2223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:2224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expire[10]; data/frr-7.4/pimd/pim_cmd.c:2225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2323:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2335:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_sec_str[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_cmd.c:2464:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2465:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2466:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:2467:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char join_timer[10]; data/frr-7.4/pimd/pim_cmd.c:2468:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rs_timer[10]; data/frr-7.4/pimd/pim_cmd.c:2469:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ka_timer[10]; data/frr-7.4/pimd/pim_cmd.c:2470:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msdp_reg_timer[10]; data/frr-7.4/pimd/pim_cmd.c:2471:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_str[PIM_REG_STATE_STR_LEN]; data/frr-7.4/pimd/pim_cmd.c:2512:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_str[PIM_REG_STATE_STR_LEN]; data/frr-7.4/pimd/pim_cmd.c:2513:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[sizeof(state_str) + 1]; data/frr-7.4/pimd/pim_cmd.c:2547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:2609:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2610:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2702:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2703:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2777:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2778:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2779:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_nexthop_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:2780:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_addr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:2833:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char refresh_uptime[10]; data/frr-7.4/pimd/pim_cmd.c:2875:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime_scan_oil[10]; data/frr-7.4/pimd/pim_cmd.c:2876:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime_mroute_add[10]; data/frr-7.4/pimd/pim_cmd.c:2877:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime_mroute_del[10]; data/frr-7.4/pimd/pim_cmd.c:2914:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2915:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:2916:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_addr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:2917:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rib_nexthop_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:3037:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:3038:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3039:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bsr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bsr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:3229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3279:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3455:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3466:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hhmmss[10]; data/frr-7.4/pimd/pim_cmd.c:3467:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:3574:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3584:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3585:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_retr_mmss[10]; data/frr-7.4/pimd/pim_cmd.c:3641:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3651:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3662:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3663:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mmss[10]; data/frr-7.4/pimd/pim_cmd.c:3664:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:3714:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3724:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3735:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:3757:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:3758:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_bsm_seen[10]; data/frr-7.4/pimd/pim_cmd.c:3760:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bsr_state[20]; data/frr-7.4/pimd/pim_cmd.c:3761:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bsr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:4343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char role_buf[MLAG_ROLE_STRSIZE]; data/frr-7.4/pimd/pim_cmd.c:4344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4681:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4682:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4683:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4824:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char own_str[6]; data/frr-7.4/pimd/pim_cmd.c:4848:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4849:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4896:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4897:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:4952:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char own_str[6]; data/frr-7.4/pimd/pim_cmd.c:5501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop_addr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:5502:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:5710:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uptime[10]; data/frr-7.4/pimd/pim_cmd.c:5711:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mlag_role[80]; data/frr-7.4/pimd/pim_cmd.c:5814:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:5815:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:5816:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_ifname[INTERFACE_NAMSIZ + 1]; data/frr-7.4/pimd/pim_cmd.c:5817:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_ifname[INTERFACE_NAMSIZ + 1]; data/frr-7.4/pimd/pim_cmd.c:5820:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proto[100]; data/frr-7.4/pimd/pim_cmd.c:5821:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_str[PIM_REG_STATE_STR_LEN]; data/frr-7.4/pimd/pim_cmd.c:5822:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mroute_uptime[10]; data/frr-7.4/pimd/pim_cmd.c:6093:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oif_uptime[10]; data/frr-7.4/pimd/pim_cmd.c:6306:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:6307:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:6327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:6328:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:6503:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop_addr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:6554:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:6555:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss_uptime[10]; data/frr-7.4/pimd/pim_cmd.c:6558:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bind_addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:6758:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). router->t_periodic = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:6785:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). router->register_suppress_time = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:6813:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pim->rp_keep_alive_time = atoi(argv[4]->arg); data/frr-7.4/pimd/pim_cmd.c:6841:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pim->keep_alive_time = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:6868:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). router->packet_process = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:7548:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:7679:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). query_interval = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:7763:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). igmp_version = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:7826:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). query_max_response_time = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:7887:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). query_max_response_time_dsec = atoi(argv[4]->arg); data/frr-7.4/pimd/pim_cmd.c:7947:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). last_member_query_count = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:7997:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). last_member_query_interval = atoi(argv[3]->arg); data/frr-7.4/pimd/pim_cmd.c:8099:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). igmp_version = atoi(argv[4]->arg); data/frr-7.4/pimd/pim_cmd.c:9807:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:9808:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:9809:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_str[PIM_MSDP_STATE_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:9928:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:9929:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:9930:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_str[PIM_MSDP_STATE_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:9931:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[PIM_MSDP_UPTIME_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:9982:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:9983:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:9984:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_str[PIM_MSDP_STATE_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:9985:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[PIM_MSDP_UPTIME_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:9986:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char katimer[PIM_MSDP_TIMER_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:9987:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char crtimer[PIM_MSDP_TIMER_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:9988:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char holdtimer[PIM_MSDP_TIMER_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:10160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[PIM_MSDP_UPTIME_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:10164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spt_str[8]; data/frr-7.4/pimd/pim_cmd.c:10165:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_str[8]; data/frr-7.4/pimd/pim_cmd.c:10235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[PIM_MSDP_UPTIME_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:10238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spt_str[8]; data/frr-7.4/pimd/pim_cmd.c:10239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_str[8]; data/frr-7.4/pimd/pim_cmd.c:10240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statetimer[PIM_MSDP_TIMER_STRLEN]; data/frr-7.4/pimd/pim_cmd.c:10301:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10384:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10385:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10413:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10414:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_cmd.c:10535:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:178:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:196:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:209:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:262:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:330:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:355:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:388:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_hello.c:412:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:314:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_prim_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:315:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_prim_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/pimd/pim_iface.c:570:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:571:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:718:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/pimd/pim_iface.c:1162:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1226:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1258:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1259:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1311:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1312:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1347:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1361:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_iface.c:1482:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pimreg_name[INTERFACE_NAMSIZ]; data/frr-7.4/pimd/pim_ifchannel.c:749:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char up_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:750:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:805:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char up_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:875:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1252:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1253:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1294:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1333:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.c:1334:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ifchannel.h:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_igmp.c:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:201:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:242:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:262:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:287:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&group_addr, igmp_msg + 4, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_igmp.c:363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:381:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:406:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:439:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&group_addr, igmp_msg + 4, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_igmp.c:462:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:463:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:609:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:628:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:661:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_buf[query_buf_size]; data/frr-7.4/pimd/pim_igmp.c:676:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char querier_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:677:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:796:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:901:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash_name[64]; data/frr-7.4/pimd/pim_igmp.c:1045:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:1082:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:1097:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:1187:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp.c:1259:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_buf[query_buf_size]; data/frr-7.4/pimd/pim_igmp_join.h:55:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req.gsr_group, &group, sizeof(struct sockaddr_in)); data/frr-7.4/pimd/pim_igmp_join.h:61:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req.gsr_source, &source, sizeof(struct sockaddr_in)); data/frr-7.4/pimd/pim_igmp_mtrace.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char up_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inc_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prv_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inc_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rsp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char if_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rsp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:353:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:573:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmp_mtrace.c:614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtrace_buf[MTRACE_HDR_SIZE + MTRACE_MAX_HOPS * MTRACE_RSP_SIZE]; data/frr-7.4/pimd/pim_igmp_mtrace.c:759:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtrace_buf, igmp_msg, igmp_msg_len); data/frr-7.4/pimd/pim_igmpv2.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv2.c:63:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(query_buf + 4, &group_addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_igmpv2.c:69:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv2.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv2.c:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv2.c:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv2.c:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv2.c:127:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&group_addr, igmp_msg + 4, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_igmpv2.c:159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv2.c:176:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&group_addr, igmp_msg + 4, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_igmpv3.c:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:121:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:183:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:243:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:244:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:353:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:372:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:373:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:448:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:449:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:995:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_buf[query_buf_size]; data/frr-7.4/pimd/pim_igmpv3.c:1011:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1058:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_buf1[PIM_IGMP_BUFSIZE_WRITE]; /* 1 = with s_flag set */ data/frr-7.4/pimd/pim_igmpv3.c:1059:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_buf2[PIM_IGMP_BUFSIZE_WRITE]; /* 2 = with s_flag clear */ data/frr-7.4/pimd/pim_igmpv3.c:1109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1175:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1517:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1554:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1555:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1617:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(query_buf + 4, &group_addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_igmpv3.c:1628:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1629:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1648:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1649:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1680:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1681:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1705:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&group_addr, igmp_msg + 4, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_igmpv3.c:1741:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1808:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&src_addr, sources + i, data/frr-7.4/pimd/pim_igmpv3.c:1819:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_igmpv3.c:1918:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rec_group, data/frr-7.4/pimd/pim_igmpv3.c:1944:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[200]; data/frr-7.4/pimd/pim_instance.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash_name[64]; data/frr-7.4/pimd/pim_instance.h:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peerlink_rif[INTERFACE_NAMSIZ]; data/frr-7.4/pimd/pim_int.c:43:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &val_host, sizeof(val_host)); data/frr-7.4/pimd/pim_join.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char up_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:61:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:96:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char received_rp[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:97:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_rp[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:123:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char up_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:149:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char received_rp[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:187:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:225:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:226:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char upstream_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:255:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:270:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:271:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char upstream_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:272:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:464:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:509:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_join.c:510:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_jp_agg.c:173:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_jp_agg.c:300:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_mlag.c:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_mlag.c:313:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_mlag.c:562:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MLAG_ROLE_STRSIZE]; data/frr-7.4/pimd/pim_mlag.c:691:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf1[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_mlag.c:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf2[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_mlag.c:772:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/frr-7.4/pimd/pim_mroute.c:148:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const igmpmsgtype2str[IGMPMSG_WRVIFWHOLE + 1] = { data/frr-7.4/pimd/pim_mroute.c:595:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_src_str[INET_ADDRSTRLEN] = ""; data/frr-7.4/pimd/pim_mroute.c:596:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_dst_str[INET_ADDRSTRLEN] = ""; data/frr-7.4/pimd/pim_mroute.c:597:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN] = "<src?>"; data/frr-7.4/pimd/pim_mroute.c:598:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN] = "<grp?>"; data/frr-7.4/pimd/pim_mroute.c:700:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10000]; data/frr-7.4/pimd/pim_mroute.c:858:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_mroute.c:1019:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/frr-7.4/pimd/pim_mroute.c:1060:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/frr-7.4/pimd/pim_mroute.c:1127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/frr-7.4/pimd/pim_mroute.c:1179:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/frr-7.4/pimd/pim_mroute.c:1200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/frr-7.4/pimd/pim_mroute.h:94:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mfcc_ttls[MAXVIFS]; /* Where it is going */ data/frr-7.4/pimd/pim_msdp.c:760:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:761:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:778:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_str[PIM_MSDP_STATE_STRLEN]; data/frr-7.4/pimd/pim_msdp.c:1139:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peer_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:1396:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:1415:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:1517:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:1532:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mbr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:1533:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.c:1575:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash_name[64]; data/frr-7.4/pimd/pim_msdp.h:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_msdp.h:108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp.h:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_reset[PIM_MSDP_PEER_LAST_RESET_STR]; data/frr-7.4/pimd/pim_msdp_packet.c:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp_packet.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_str[PIM_MSDP_PKT_TYPE_STRLEN]; data/frr-7.4/pimd/pim_msdp_packet.c:524:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp_socket.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SU_ADDRSTRLEN]; data/frr-7.4/pimd/pim_msdp_socket.c:201:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&listener->su, &sin, socklen); data/frr-7.4/pimd/pim_msg.c:72:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 2, &addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_msg.c:83:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 4, &addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_msg.c:95:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 4, &addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_neighbor.c:128:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dr_old_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:129:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dr_new_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/frr-7.4/pimd/pim_neighbor.c:211:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:266:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:300:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:381:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[10]; data/frr-7.4/pimd/pim_neighbor.c:501:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:603:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:747:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:748:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char this_neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_neighbor.c:749:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char other_neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_nht.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash_name[64]; data/frr-7.4/pimd/pim_nht.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[64]; data/frr-7.4/pimd/pim_nht.c:144:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_nht.c:166:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out_pnc, pnc, sizeof(struct pim_nexthop_cache)); data/frr-7.4/pimd/pim_nht.c:219:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_nht.c:265:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:280:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:295:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:358:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:573:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:578:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:631:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:646:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:689:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:690:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:691:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_nht.c:750:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_nht.c:812:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NEXTHOP_STRLEN]; data/frr-7.4/pimd/pim_nht.c:825:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_str[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_nht.c:846:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NEXTHOP_STRLEN]; data/frr-7.4/pimd/pim_nht.c:885:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_nht.c:919:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_nht.c:1040:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_nht.c:1080:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_oil.c:233:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:234:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:259:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:260:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:284:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:285:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:304:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:444:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:445:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:478:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:479:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:497:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:498:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:520:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:521:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:558:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:559:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:585:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_oil.c:586:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_pim.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_pim.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_pim.c:253:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_pim.c:254:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_pim.c:517:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_pim.c:534:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip2, ip, hdrsize); data/frr-7.4/pimd/pim_pim.c:564:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[10000]; data/frr-7.4/pimd/pim_pim.c:574:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg_start, pim_msg, pim_msg_size); data/frr-7.4/pimd/pim_pim.c:616:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_pim.c:646:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_register.c:71:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[10000]; data/frr-7.4/pimd/pim_register.c:167:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[10000]; data/frr-7.4/pimd/pim_register.c:195:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_register.c:208:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b1, (const unsigned char *)buf, buf_size); data/frr-7.4/pimd/pim_register.c:335:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_register.c:380:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_register.c:406:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rp.c:249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rp.c:371:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:440:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rp.c:446:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BUFSIZ]; data/frr-7.4/pimd/pim_rp.c:548:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:549:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:644:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rp.c:675:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:676:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:727:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grp_str[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rp.c:762:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bsrp_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rp.c:790:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:838:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rp.c:926:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:962:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:963:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:1040:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rp.c:1077:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rp.c:1146:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:1147:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_rp.c:1207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_buffer[32]; data/frr-7.4/pimd/pim_rp.c:1208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_buffer[32]; data/frr-7.4/pimd/pim_rp.c:1250:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source[7]; data/frr-7.4/pimd/pim_rp.c:1263:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[48]; data/frr-7.4/pimd/pim_rp.c:1402:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rp.c:1403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str1[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rpf.c:74:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rpf.c:77:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rpf.c:90:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rpf.c:105:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rpf.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rpf.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rpf.c:159:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_rpf.c:160:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_rpf.c:287:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nhaddr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_sock.c:288:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_sock.c:289:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_sock.c:304:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_sock.c:305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_sock.c:328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[1000]; data/frr-7.4/pimd/pim_ssmpingd.c:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:260:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:292:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:293:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char to_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:353:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:388:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:397:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:414:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_ssmpingd.c:423:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:126:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(original_s_route, s_route, data/frr-7.4/pimd/pim_static.c:181:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:194:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s_route, original_s_route, data/frr-7.4/pimd/pim_static.c:216:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:217:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:266:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:267:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:292:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:309:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:310:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sifaddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:332:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.c:333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gbuf[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_static.h:34:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char oif_ttls[MAXVIFS]; data/frr-7.4/pimd/pim_str.c:47:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_tlv.c:131:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &p->u.prefix4, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_tlv.c:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &p->u.prefix6, sizeof(struct in6_addr)); data/frr-7.4/pimd/pim_tlv.c:208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &group, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_tlv.c:281:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:299:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:483:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->u.prefix4, addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_tlv.c:499:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p->u.prefix6, addr, sizeof(struct in6_addr)); data/frr-7.4/pimd/pim_tlv.c:556:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sg->grp.s_addr, addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_tlv.c:615:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sg->src, addr, sizeof(struct in_addr)); data/frr-7.4/pimd/pim_tlv.c:681:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:698:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:699:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:716:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.c:737:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_tlv.h:54:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&_tmp, (buf), sizeof(uint16_t)); \ data/frr-7.4/pimd/pim_tlv.h:60:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&_tmp, (buf), sizeof(uint32_t)); \ data/frr-7.4/pimd/pim_upstream.c:271:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_upstream.c:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_upstream.c:433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_upstream.c:487:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_upstream.c:1051:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/pimd/pim_upstream.c:1256:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_upstream.c:1257:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rpf_addr_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_upstream.c:1699:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char state_str[PIM_REG_STATE_STR_LEN]; data/frr-7.4/pimd/pim_upstream.c:2166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/frr-7.4/pimd/pim_upstream.h:235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_vty.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spaces[10]; data/frr-7.4/pimd/pim_vty.c:254:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_vty.c:322:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_vty.c:389:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_vty.c:390:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str data/frr-7.4/pimd/pim_vxlan.c:855:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_vxlan.c:1167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hash_name[64]; data/frr-7.4/pimd/pim_vxlan.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_zebra.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/pimd/pim_zebra.c:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/pimd/pim_zebra.c:214:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/pimd/pim_zebra.c:355:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PIM_SG_LEN]; data/frr-7.4/pimd/pim_zebra.c:648:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nexthop, &up->rpf.source_nexthop, data/frr-7.4/pimd/pim_zebra.c:663:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zebra.c:675:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zebra.c:841:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zebra.c:842:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zebra.c:843:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char upstream_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:207:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raddr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:235:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:280:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix6, data/frr-7.4/pimd/pim_zlookup.c:311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:334:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:417:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:454:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:481:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/pimd/pim_zlookup.c:482:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nexthop_str[PREFIX_STRLEN]; data/frr-7.4/pimd/pim_zlookup.c:501:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET_ADDRSTRLEN]; data/frr-7.4/qpb/linear_allocator.h:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[0]; data/frr-7.4/qpb/qpb.h:108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prefix->bytes.data, &p->u.prefix, prefix->bytes.len); data/frr-7.4/qpb/qpb.h:137:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix->u.prefix, pb_prefix->bytes.data, pb_prefix->bytes.len); data/frr-7.4/qpb/qpb.h:240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v6->bytes.data, addr->s6_addr, v6->bytes.len); data/frr-7.4/qpb/qpb.h:255:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr->s6_addr, v6->bytes.data, v6->bytes.len); data/frr-7.4/ripd/rip_cli.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/ripd/rip_cli.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/ripd/rip_nb_notifications.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/ripd/rip_nb_notifications.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_arg[XPATH_MAXLEN]; data/frr-7.4/ripd/rip_peer.c:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[RIP_UPTIME_LEN]; data/frr-7.4/ripd/rip_routemap.c:75:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *metric = atoi(arg); data/frr-7.4/ripd/ripd.c:187:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rinfo, rinfo_new, sizeof(struct rip_info)); data/frr-7.4/ripd/ripd.c:237:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rinfo, rinfo_new, sizeof(struct rip_info)); data/frr-7.4/ripd/ripd.c:675:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rinfo, &newinfo, data/frr-7.4/ripd/ripd.c:704:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[BUFSIZ], nbuf[BUFSIZ]; data/frr-7.4/ripd/ripd.c:884:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auth_str[RIP_AUTH_MD5_SIZE] = {}; data/frr-7.4/ripd/ripd.c:1089:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[RIP_AUTH_MD5_SIZE]; data/frr-7.4/ripd/ripd.c:1312:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifaddr, ifc->address, data/frr-7.4/ripd/ripd.c:1314:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifaddrclass, &ifaddr, data/frr-7.4/ripd/ripd.c:1457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adata[256] = {}; data/frr-7.4/ripd/ripd.c:1467:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst[ADDRESS_SIZE]; data/frr-7.4/ripd/ripd.c:2083:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auth_str[RIP_AUTH_SIMPLE_SIZE]; data/frr-7.4/ripd/ripd.c:2139:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifaddrclass, ifc->address, sizeof(struct prefix_ipv4)); data/frr-7.4/ripd/ripd.c:2173:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&classfull, &rp->p, data/frr-7.4/ripd/ripd.c:2965:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/ripd/ripd.c:3027:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[TIME_BUF]; data/frr-7.4/ripd/ripd.c:3309:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/ripd/ripd.h:226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RIP_PACKET_MAXSIZ]; data/frr-7.4/ripngd/ripng_cli.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/ripngd/ripng_cli.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/ripngd/ripng_interface.c:430:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/ripngd/ripng_peer.c:165:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[RIPNG_UPTIME_LEN]; data/frr-7.4/ripngd/ripng_routemap.c:66:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *metric = atoi(arg); data/frr-7.4/ripngd/ripngd.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adata[256] = {}; data/frr-7.4/ripngd/ripngd.c:266:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adata[1024]; data/frr-7.4/ripngd/ripngd.c:354:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_BUFSIZ]; data/frr-7.4/ripngd/ripngd.c:480:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rinfo, rinfo_new, sizeof(struct ripng_info)); data/frr-7.4/ripngd/ripngd.c:536:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rinfo, rinfo_new, sizeof(struct ripng_info)); data/frr-7.4/ripngd/ripngd.c:1998:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[TIME_BUF]; data/frr-7.4/ripngd/ripngd.c:2016:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[3]; data/frr-7.4/ripngd/ripngd.c:2417:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/sharpd/sharp_nht.c:60:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/sharpd/sharp_vty.c:71:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix6, &nhop, 16); data/frr-7.4/sharpd/sharp_vty.c:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/sharpd/sharp_zebra.c:300:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/sharpd/sharp_zebra.c:342:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&api.prefix, p, sizeof(*p)); data/frr-7.4/sharpd/sharp_zebra.c:372:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/staticd/static_main.c:41:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backup_config_file[256]; data/frr-7.4/staticd/static_routes.c:154:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&si->snh_label, snh_label, sizeof(struct static_nh_label)); data/frr-7.4/staticd/static_routes.h:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nh_vrfname[VRF_NAMSIZ + 1]; data/frr-7.4/staticd/static_routes.h:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[INTERFACE_NAMSIZ + 1]; data/frr-7.4/staticd/static_vty.c:362:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distance = atoi(distance_str); data/frr-7.4/staticd/static_vty.c:427:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). table_id = atol(table_str); data/frr-7.4/staticd/static_vty.c:606:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spacing[100]; data/frr-7.4/staticd/static_vty.c:610:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/staticd/static_vty.c:630:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_str[PREFIX_STRLEN]; data/frr-7.4/staticd/static_zebra.c:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/tests/bgpd/test_aspath.c:509:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char attrheader[1024]; data/frr-7.4/tests/bgpd/test_bgp_table.c:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/tests/bgpd/test_mpath.c:317:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((struct route_table *)&rt_node->table, &rt->route_table, data/frr-7.4/tests/bgpd/test_packet.c:81:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). peer->fd = open(argv[1], O_RDONLY|O_NONBLOCK); data/frr-7.4/tests/bgpd/test_peer_attr.c:1459:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pac, pa, sizeof(struct test_peer_attr)); data/frr-7.4/tests/bgpd/test_peer_attr.c:1466:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pa->families, test_default_families, data/frr-7.4/tests/bgpd/test_peer_attr.c:1473:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pac, pa, sizeof(struct test_peer_attr)); data/frr-7.4/tests/helpers/c/main.c:138:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vty_port = atoi(optarg); data/frr-7.4/tests/helpers/c/prng.c:64:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[256]; data/frr-7.4/tests/isisd/test_fuzz_isis_tlv.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[TEST_STREAM_SIZE]; data/frr-7.4/tests/lib/cli/test_cli.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/tests/lib/cli/test_commands.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char test_buf[32768]; data/frr-7.4/tests/lib/cli/test_commands.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096]; data/frr-7.4/tests/lib/cli/test_commands.c:370:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_edit_distance = atoi(optarg); data/frr-7.4/tests/lib/cli/test_commands.c:373:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). node_index = atoi(optarg); data/frr-7.4/tests/lib/northbound/test_oper_data.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IFNAMSIZ]; data/frr-7.4/tests/lib/northbound/test_oper_data.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/frr-7.4/tests/lib/northbound/test_oper_data.c:291:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[32]; data/frr-7.4/tests/lib/northbound/test_oper_data.c:383:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_vrfs = atoi(argv[1]); data/frr-7.4/tests/lib/northbound/test_oper_data.c:385:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_interfaces = atoi(argv[2]); data/frr-7.4/tests/lib/northbound/test_oper_data.c:387:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num_routes = atoi(argv[3]); data/frr-7.4/tests/lib/test_buffer.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char junk[3]; data/frr-7.4/tests/lib/test_graph.c:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[64]; data/frr-7.4/tests/lib/test_graph.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char names[NUMNODES][16]; data/frr-7.4/tests/lib/test_idalloc.c:13:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char allocated_markers[IDS_PER_PAGE*3]; data/frr-7.4/tests/lib/test_ntop.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[64], buf2[64]; data/frr-7.4/tests/lib/test_prefix2str.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[64], buf2[64], ntopbuf[64]; data/frr-7.4/tests/lib/test_prefix2str.c:69:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix, &i6, sizeof(i6)); data/frr-7.4/tests/lib/test_printfrr.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], bufrr[256], *p; data/frr-7.4/tests/lib/test_printfrr.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufrr[256]; data/frr-7.4/tests/lib/test_printfrr.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/tests/lib/test_ringbuf.c:120:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char flower[BUFSIZ * 2]; data/frr-7.4/tests/lib/test_ringbuf.c:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char water[strlen(organ) + 1]; data/frr-7.4/tests/lib/test_ringbuf.c:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xylem[strlen(phloem) + 1]; data/frr-7.4/tests/lib/test_ringbuf.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chloroplast[strlen(cytoplasm) + 1]; data/frr-7.4/tests/lib/test_ringbuf.c:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sixteen[16]; data/frr-7.4/tests/lib/test_seqlock.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/frr-7.4/tests/lib/test_srcdest_table.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_str[BUFSIZ]; data/frr-7.4/tests/lib/test_srcdest_table.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[BUFSIZ]; data/frr-7.4/tests/lib/test_srcdest_table.c:121:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rv, data, 2 * sizeof(struct prefix)); data/frr-7.4/tests/lib/test_srcdest_table.c:156:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hash_entry[0], dst_p, sizeof(*dst_p)); data/frr-7.4/tests/lib/test_srcdest_table.c:157:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hash_entry[1], src_p, sizeof(*src_p)); data/frr-7.4/tests/lib/test_srcdest_table.c:180:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hash_entry[0], dst_p, sizeof(*dst_p)); data/frr-7.4/tests/lib/test_srcdest_table.c:181:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hash_entry[1], src_p, sizeof(*src_p)); data/frr-7.4/tests/lib/test_srcdest_table.c:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hash_entry[0], dst_p, sizeof(*dst_p)); data/frr-7.4/tests/lib/test_srcdest_table.c:312:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hash_entry[1], src_p, sizeof(*src_p)); data/frr-7.4/tests/lib/test_table.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/tests/lib/test_table.c:219:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result_buf[PREFIX2STR_BUFFER]; data/frr-7.4/tests/lib/test_typelist.h:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hashtext[65]; data/frr-7.4/tests/lib/test_typelist.h:124:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hashtext + i * 2, "%02x", hash[i]); data/frr-7.4/tests/lib/test_zmq.c:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/frr-7.4/tests/lib/test_zmq.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32] = "Test write callback"; data/frr-7.4/tests/lib/test_zmq.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/frr-7.4/tests/lib/test_zmq.c:237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/frr-7.4/tests/ospf6d/test_lsdb.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adv_router[64], id[64]; data/frr-7.4/tools/frr-llvm-cg.c:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[256]; data/frr-7.4/tools/frr-llvm-cg.c:618:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpout[strlen(out) + 5]; data/frr-7.4/tools/gcc-plugins/frr-format.c:1336:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_flag_chars[256]; data/frr-7.4/tools/gen_northbound_callbacks.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char return_type[32]; data/frr-7.4/tools/gen_northbound_callbacks.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char return_value[32]; data/frr-7.4/tools/gen_northbound_callbacks.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arguments[128]; data/frr-7.4/tools/gen_northbound_callbacks.c:172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cb_name[BUFSIZ]; data/frr-7.4/tools/gen_northbound_callbacks.c:234:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cb_name[BUFSIZ]; data/frr-7.4/tools/gen_northbound_callbacks.c:241:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/tools/gen_northbound_callbacks.c:279:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cb_name[BUFSIZ]; data/frr-7.4/tools/gen_northbound_callbacks.c:286:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/tools/gen_northbound_callbacks.c:316:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char module_name_underscores[64]; data/frr-7.4/tools/gen_yang_deviations.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath[XPATH_MAXLEN]; data/frr-7.4/tools/start-stop-daemon.c:88:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char what_stop[1024]; data/frr-7.4/tools/start-stop-daemon.c:289:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(namespace->path, O_RDONLY)) == -1) data/frr-7.4/tools/start-stop-daemon.c:420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char item_buf[20]; data/frr-7.4/tools/start-stop-daemon.c:456:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item_buf, schedule_str, str_len); data/frr-7.4/tools/start-stop-daemon.c:558:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nicelevel = atoi(optarg); data/frr-7.4/tools/start-stop-daemon.c:608:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/frr-7.4/tools/start-stop-daemon.c:620:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/frr-7.4/tools/start-stop-daemon.c:631:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PATH_MAX]; data/frr-7.4/tools/start-stop-daemon.c:636:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(buf, "r"); data/frr-7.4/tools/start-stop-daemon.c:669:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, "r"); data/frr-7.4/tools/start-stop-daemon.c:778:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(what_stop, "process in pidfile `%.200s'", pidfile); data/frr-7.4/tools/start-stop-daemon.c:780:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(what_stop, "process(es) owned by `%.200s'", userspec); data/frr-7.4/tools/start-stop-daemon.c:1031:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/tty", O_RDWR); data/frr-7.4/tools/start-stop-daemon.c:1041:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/null", O_RDWR); /* stdin */ data/frr-7.4/tools/start-stop-daemon.c:1055:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *pidf = fopen(pidfile, "w"); data/frr-7.4/vrrpd/vrrp.c:53:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *const vrrp_state_names[3] = { data/frr-7.4/vrrpd/vrrp.c:59:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const vrrp_event_names[2] = { data/frr-7.4/vrrpd/vrrp.c:154:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u, &addr->ip, sizeof(addr->ip)); data/frr-7.4/vrrpd/vrrp.c:426:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp.c:571:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ethstr[ETHER_ADDR_STRLEN]; data/frr-7.4/vrrpd/vrrp.c:703:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipstr[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp.c:852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sipstr[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp.c:853:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dipstr[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp.c:858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dumpbuf[BUFSIZ]; data/frr-7.4/vrrpd/vrrp.c:1006:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[BUFSIZ]; data/frr-7.4/vrrpd/vrrp.c:1592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp.c:1726:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp.c:2381:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[IFNAMSIZ + 64]; data/frr-7.4/vrrpd/vrrp.h:475:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *const vrrp_state_names[3]; data/frr-7.4/vrrpd/vrrp_arp.c:87:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->ether_shost, ifp->hw_addr, ETH_ALEN); data/frr-7.4/vrrpd/vrrp_arp.c:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arp_ptr, ifp->hw_addr, ifp->hw_addr_len); data/frr-7.4/vrrpd/vrrp_arp.c:103:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arp_ptr, v4, sizeof(struct in_addr)); data/frr-7.4/vrrpd/vrrp_arp.c:109:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arp_ptr, v4, sizeof(struct in_addr)); data/frr-7.4/vrrpd/vrrp_arp.c:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char astr[INET_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp_main.c:45:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backup_config_file[256]; data/frr-7.4/vrrpd/vrrp_ndisc.c:106:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eth->ether_shost, lladdr, ETH_ALEN); data/frr-7.4/vrrpd/vrrp_ndisc.c:115:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ip6h->ip6_src, &ip->ipaddr_v6, sizeof(struct in6_addr)); data/frr-7.4/vrrpd/vrrp_ndisc.c:125:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ndh->nd_na_target, &ip->ipaddr_v6, sizeof(struct in6_addr)); data/frr-7.4/vrrpd/vrrp_ndisc.c:130:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nd_opt_lladdr, lladdr, ETH_ALEN); data/frr-7.4/vrrpd/vrrp_ndisc.c:168:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sll.sll_addr, ifp->hw_addr, ETH_ALEN); data/frr-7.4/vrrpd/vrrp_ndisc.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp_packet.c:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const vrrp_packet_names[16] = { data/frr-7.4/vrrpd/vrrp_packet.c:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aptr, &ips[i]->ip.addr, addrsz); data/frr-7.4/vrrpd/vrrp_packet.c:165:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[BUFSIZ]; data/frr-7.4/vrrpd/vrrp_packet.c:269:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&src->ipaddr_v6, &sa->sin6_addr, data/frr-7.4/vrrpd/vrrp_packet.c:316:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vbuf[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp_vty.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valbuf[20]; data/frr-7.4/vrrpd/vrrp_vty.c:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[20]; data/frr-7.4/vrrpd/vrrp_vty.c:353:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ethstr4[ETHER_ADDR_STRLEN]; data/frr-7.4/vrrpd/vrrp_vty.c:354:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ethstr6[ETHER_ADDR_STRLEN]; data/frr-7.4/vrrpd/vrrp_vty.c:355:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipstr[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp_vty.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sipstr4[INET6_ADDRSTRLEN] = {}; data/frr-7.4/vrrpd/vrrp_vty.c:359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sipstr6[INET6_ADDRSTRLEN] = {}; data/frr-7.4/vrrpd/vrrp_vty.c:461:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ethstr4[ETHER_ADDR_STRLEN]; data/frr-7.4/vrrpd/vrrp_vty.c:462:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ethstr6[ETHER_ADDR_STRLEN]; data/frr-7.4/vrrpd/vrrp_vty.c:463:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipstr[INET6_ADDRSTRLEN]; data/frr-7.4/vrrpd/vrrp_vty.c:466:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sipstr4[INET6_ADDRSTRLEN] = {}; data/frr-7.4/vrrpd/vrrp_vty.c:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sipstr6[INET6_ADDRSTRLEN] = {}; data/frr-7.4/vrrpd/vrrp_vty.c:538:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fill[35]; data/frr-7.4/vtysh/vtysh.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/frr-7.4/vtysh/vtysh.c:203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stackbuf[4096]; data/frr-7.4/vtysh/vtysh.c:207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char terminator[3] = {0, 0, 0}; data/frr-7.4/vtysh/vtysh.c:297:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, stackbuf, sizeof(stackbuf)); data/frr-7.4/vtysh/vtysh.c:701:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). confp = fopen(filename, "r"); data/frr-7.4/vtysh/vtysh.c:2362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[100]; data/frr-7.4/vtysh/vtysh.c:2387:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[100]; data/frr-7.4/vtysh/vtysh.c:2528:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[256]; data/frr-7.4/vtysh/vtysh.c:2929:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(frr_config, "w"); data/frr-7.4/vtysh/vtysh.c:3356:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vty->of = fopen(path, "a"); data/frr-7.4/vtysh/vtysh.c:3690:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[512]; data/frr-7.4/vtysh/vtysh.c:3708:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char accmd[256]; data/frr-7.4/vtysh/vtysh_config.c:518:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). confp = fopen(config_default_dir, "r"); data/frr-7.4/vtysh/vtysh_config.c:538:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[512]; data/frr-7.4/vtysh/vtysh_main.c:66:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char vtysh_config[MAXPATHLEN * 3]; data/frr-7.4/vtysh/vtysh_main.c:67:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frr_config[MAXPATHLEN * 3]; data/frr-7.4/vtysh/vtysh_main.c:68:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vtydir[MAXPATHLEN]; data/frr-7.4/vtysh/vtysh_main.c:69:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char history_file[MAXPATHLEN]; data/frr-7.4/vtysh/vtysh_main.c:234:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tod[64]; data/frr-7.4/vtysh/vtysh_main.c:251:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). flock_fd = open(flock_file, O_RDONLY, 0644); data/frr-7.4/vtysh/vtysh_main.c:320:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysconfdir[MAXPATHLEN]; data/frr-7.4/vtysh/vtysh_main.c:322:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathspace[MAXPATHLEN] = ""; data/frr-7.4/vtysh/vtysh_main.c:582:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = open(history_file, O_CREAT | O_EXCL, data/frr-7.4/vtysh/vtysh_main.c:594:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile = fopen(logpath, "a"); data/frr-7.4/vtysh/vtysh_user.c:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[128]; data/frr-7.4/watchfrr/watchfrr.c:314:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *const argv[4] = {shell, dashc, shell_cmd, NULL}; data/frr-7.4/watchfrr/watchfrr.c:464:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/frr-7.4/watchfrr/watchfrr.c:489:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[strlen(command) + strlen(restart->name) + 1]; data/frr-7.4/watchfrr/watchfrr.c:611:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char resp[sizeof(PING_TOKEN) + 4] = PING_TOKEN "\n"; data/frr-7.4/watchfrr/watchfrr.c:612:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(resp) + 100]; data/frr-7.4/watchfrr/watchfrr.c:618:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char why[100]; data/frr-7.4/watchfrr/watchfrr.c:635:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char why[sizeof(buf) + 100]; data/frr-7.4/watchfrr/watchfrr.c:647:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char why[100 + sizeof(buf)]; data/frr-7.4/watchfrr/watchfrr.c:692:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char started[1024]; data/frr-7.4/watchfrr/watchfrr.c:716:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(started, "w"); data/frr-7.4/watchfrr/watchfrr.c:754:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char why[100]; data/frr-7.4/watchfrr/watchfrr.c:770:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char why[100]; data/frr-7.4/watchfrr/watchfrr.c:1026:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char why[100 + sizeof(echocmd)]; data/frr-7.4/watchfrr/watchfrr.c:1123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alldaemons[512] = "", *p = alldaemons; data/frr-7.4/watchfrr/watchfrr.c:1242:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char garbage[3]; data/frr-7.4/watchfrr/watchfrr.c:1253:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char garbage[3]; data/frr-7.4/watchfrr/watchfrr.c:1265:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char garbage[3]; data/frr-7.4/watchfrr/watchfrr.c:1277:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char garbage[3]; data/frr-7.4/watchfrr/watchfrr.c:1313:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char garbage[3]; data/frr-7.4/watchfrr/watchfrr.c:1324:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char garbage[3]; data/frr-7.4/watchfrr/watchfrr_vty.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[512]; data/frr-7.4/zebra/connected.c:263:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/connected.c:407:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/connected.c:431:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/connected.c:539:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix6, address, sizeof(struct in6_addr)); data/frr-7.4/zebra/dplane_fpm_nl.c:340:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/dplane_fpm_nl.c:568:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/if_ioctl.c:158:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ifp->hw_addr, ifreq.ifr_hwaddr.sa_data, 6); data/frr-7.4/zebra/if_ioctl_solaris.c:254:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lifreq.lifr_addr, addr, ADDRLEN(addr)); data/frr-7.4/zebra/if_ioctl_solaris.c:261:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dest, &lifreq.lifr_dstaddr, ADDRLEN(addr)); data/frr-7.4/zebra/if_ioctl_solaris.c:281:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mask, &lifreq.lifr_addr, ADDRLEN(addr)); data/frr-7.4/zebra/if_ioctl_solaris.c:286:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dest, &lifreq.lifr_broadaddr, data/frr-7.4/zebra/if_netlink.c:122:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ifp->hw_addr, RTA_DATA(tb[IFLA_ADDRESS]), data/frr-7.4/zebra/if_netlink.c:566:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. name = (char *)RTA_DATA(tb[IFLA_IFNAME]); data/frr-7.4/zebra/if_netlink.c:660:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. name = (char *)RTA_DATA(tb[IFLA_IFNAME]); data/frr-7.4/zebra/if_netlink.c:663:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. desc = (char *)RTA_DATA(tb[IFLA_IFALIAS]); data/frr-7.4/zebra/if_netlink.c:768:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/if_netlink.c:873:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/if_netlink.c:903:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/if_netlink.c:1020:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/if_netlink.c:1044:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)RTA_DATA(tb[IFA_LABEL])); data/frr-7.4/zebra/if_netlink.c:1086:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. label = (char *)RTA_DATA(tb[IFA_LABEL]); data/frr-7.4/zebra/if_netlink.c:1220:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. name = (char *)RTA_DATA(tb[IFLA_IFNAME]); data/frr-7.4/zebra/if_netlink.c:1239:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. desc = (char *)RTA_DATA(tb[IFLA_IFALIAS]); data/frr-7.4/zebra/if_netlink.c:1365:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(old_hw_addr, ifp->hw_addr, INTERFACE_HWADDR_MAX); data/frr-7.4/zebra/if_netlink.c:1474:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/interface.c:890:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[6], data/frr-7.4/zebra/interface.c:896:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16] = "169.254.0.1"; data/frr-7.4/zebra/interface.c:923:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&zif->neigh_mac[0], &mac[0], 6); data/frr-7.4/zebra/interface.c:932:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&zif->v6_2_v4_ll_addr6, address, sizeof(*address)); data/frr-7.4/zebra/interface.c:941:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[6]; data/frr-7.4/zebra/interface.c:1187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/interface.c:1286:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char global_pfx[PREFIX_STRLEN] = {0}; data/frr-7.4/zebra/interface.c:1287:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN] = {0}; data/frr-7.4/zebra/interface.c:3537:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/interface.h:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[RTADV_MAX_ENCODED_DOMAIN_NAME - 1]; data/frr-7.4/zebra/interface.h:300:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char up_last[QUAGGA_TIMESTAMP_LEN]; data/frr-7.4/zebra/interface.h:302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char down_last[QUAGGA_TIMESTAMP_LEN]; data/frr-7.4/zebra/interface.h:361:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char neigh_mac[6]; data/frr-7.4/zebra/interface.h:423:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[6], data/frr-7.4/zebra/ioctl.c:257:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_addr, &addr, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl.c:267:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_broadaddr, &peer, data/frr-7.4/zebra/ioctl.c:277:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_mask, &mask, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl.c:308:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_addr, &addr, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl.c:318:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_broadaddr, &peer, data/frr-7.4/zebra/ioctl.c:328:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_mask, &mask, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl.c:357:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_addr, &addr, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl.c:373:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_broadaddr, &broad, data/frr-7.4/zebra/ioctl.c:384:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_addr, &mask, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl.c:409:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_addr, &addr, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl.c:540:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_addr, &addr, sizeof(struct sockaddr_in6)); data/frr-7.4/zebra/ioctl.c:548:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_prefixmask, &mask, sizeof(struct sockaddr_in6)); data/frr-7.4/zebra/ioctl.c:587:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_addr, &addr, sizeof(struct sockaddr_in6)); data/frr-7.4/zebra/ioctl.c:595:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addreq.ifra_prefixmask, &mask, sizeof(struct sockaddr_in6)); data/frr-7.4/zebra/ioctl_solaris.c:242:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_addr, &addr, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl_solaris.c:260:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_broadaddr, &broad, data/frr-7.4/zebra/ioctl_solaris.c:271:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_netmask, &mask, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl_solaris.c:294:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ifreq.ifr_addr, &addr, sizeof(struct sockaddr_in)); data/frr-7.4/zebra/ioctl_solaris.c:419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[PREFIX_STRLEN]; data/frr-7.4/zebra/ioctl_solaris.c:431:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrbuf[PREFIX_STRLEN]; data/frr-7.4/zebra/ipforward_proc.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/frr-7.4/zebra/ipforward_proc.c:48:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(proc_net_snmp, "r"); data/frr-7.4/zebra/ipforward_proc.c:79:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(proc_ipv4_forwarding, "w"); data/frr-7.4/zebra/ipforward_proc.c:100:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(proc_ipv4_forwarding, "w"); data/frr-7.4/zebra/ipforward_proc.c:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/frr-7.4/zebra/ipforward_proc.c:125:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(proc_ipv6_forwarding, "r"); data/frr-7.4/zebra/ipforward_proc.c:147:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(proc_ipv6_forwarding, "w"); data/frr-7.4/zebra/ipforward_proc.c:169:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(proc_ipv6_forwarding, "w"); data/frr-7.4/zebra/ipforward_solaris.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nd_buf[ND_BUFFER_SIZE]; data/frr-7.4/zebra/ipforward_solaris.c:87:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(device, O_RDWR)) < 0) { data/frr-7.4/zebra/ipforward_solaris.c:105:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). retval = atoi(nd_buf); data/frr-7.4/zebra/irdp_interface.c:98:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b, "%u.%u.%u.%u", (a)&0xFF, (a >> 8) & 0xFF, (a >> 16) & 0xFF, data/frr-7.4/zebra/irdp_interface.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[INET_ADDRSTRLEN]; data/frr-7.4/zebra/irdp_interface.c:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[INET_ADDRSTRLEN]; data/frr-7.4/zebra/irdp_interface.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[INET_ADDRSTRLEN]; data/frr-7.4/zebra/irdp_interface.c:368:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b1[INET_ADDRSTRLEN]; data/frr-7.4/zebra/irdp_interface.c:483:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). irdp->Lifetime = atoi(argv[idx_number]->arg); data/frr-7.4/zebra/irdp_interface.c:501:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((unsigned)atoi(argv[idx_number]->arg) <= irdp->MaxAdvertInterval) { data/frr-7.4/zebra/irdp_interface.c:502:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). irdp->MinAdvertInterval = atoi(argv[idx_number]->arg); data/frr-7.4/zebra/irdp_interface.c:526:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (irdp->MinAdvertInterval <= (unsigned)atoi(argv[idx_number]->arg)) { data/frr-7.4/zebra/irdp_interface.c:527:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). irdp->MaxAdvertInterval = atoi(argv[idx_number]->arg); data/frr-7.4/zebra/irdp_interface.c:556:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). irdp->Preference = atoi(argv[idx_number]->arg); data/frr-7.4/zebra/irdp_interface.c:586:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pref = atoi(argv[idx_number]->arg); data/frr-7.4/zebra/irdp_main.c:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/irdp_packet.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adata[CMSG_SPACE(SOPT_SIZE_CMSG_PKTINFO_IPV4())]; data/frr-7.4/zebra/irdp_packet.c:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[IRDP_RX_BUF]; data/frr-7.4/zebra/irdp_packet.c:285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[256]; data/frr-7.4/zebra/irdp_packet.c:286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/kernel_netlink.c:337:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char netlink_fuzz_file[MAXPATHLEN] = ""; data/frr-7.4/zebra/kernel_netlink.c:370:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPATHLEN]; data/frr-7.4/zebra/kernel_netlink.c:375:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fname, "w"); data/frr-7.4/zebra/kernel_netlink.c:396:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fname, "r"); data/frr-7.4/zebra/kernel_netlink.c:546:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RTA_DATA(rta), data, alen); data/frr-7.4/zebra/kernel_netlink.c:571:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RTA_DATA(subrta), data, alen); data/frr-7.4/zebra/kernel_netlink.c:686:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. msg = (const char *)NLA_DATA(tb[NLMSGERR_ATTR_MSG]); data/frr-7.4/zebra/kernel_netlink.c:740:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_RCV_PKT_BUF_SIZE]; data/frr-7.4/zebra/kernel_socket.c:286:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, sap, destlen); data/frr-7.4/zebra/kernel_socket.c:288:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, sap, copylen); data/frr-7.4/zebra/kernel_socket.c:324:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, sdl->sdl_data, IFNAMSIZ); data/frr-7.4/zebra/kernel_socket.c:328:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, sdl->sdl_data, copylen); data/frr-7.4/zebra/kernel_socket.c:342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ustr[32]; data/frr-7.4/zebra/kernel_socket.c:421:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[BUFSIZ]; data/frr-7.4/zebra/kernel_socket.c:527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IFNAMSIZ]; data/frr-7.4/zebra/kernel_socket.c:531:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbuf[64]; data/frr-7.4/zebra/kernel_socket.c:688:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&((struct zebra_if *)ifp->info)->sdl, sdl, data/frr-7.4/zebra/kernel_socket.c:691:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&((struct zebra_if *)ifp->info)->sdl, sdl, data/frr-7.4/zebra/kernel_socket.c:697:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ifp->hw_addr, LLADDR(sdl), data/frr-7.4/zebra/kernel_socket.c:777:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbuf[64]; data/frr-7.4/zebra/kernel_socket.c:830:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4][INET6_ADDRSTRLEN]; data/frr-7.4/zebra/kernel_socket.c:871:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[INTERFACE_NAMSIZ]; data/frr-7.4/zebra/kernel_socket.c:1039:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[INTERFACE_NAMSIZ + 1]; data/frr-7.4/zebra/kernel_socket.c:1045:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbuf[64]; data/frr-7.4/zebra/kernel_socket.c:1173:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/frr-7.4/zebra/kernel_socket.c:1216:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_buf[INET_ADDRSTRLEN] = "NULL", data/frr-7.4/zebra/kernel_socket.c:1267:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pnt, (caddr_t)(X), len); \ data/frr-7.4/zebra/kernel_socket.c:1307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fbuf[64]; data/frr-7.4/zebra/main.c:367:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). graceful_restart = atoi(optarg); data/frr-7.4/zebra/main.c:371:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nl_rcvbufsize = atoi(optarg); data/frr-7.4/zebra/redistribute.c:122:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/redistribute.c:199:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/redistribute.c:257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/redistribute.c:544:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/redistribute.c:583:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/redistribute.c:820:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char afi_str[AFI_MAX][10] = {"", "ip", "ipv6", "ethernet"}; data/frr-7.4/zebra/rt_netlink.c:90:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char ipv4_ll_buf[16] = "169.254.0.1"; data/frr-7.4/zebra/rt_netlink.c:389:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nh.src, prefsrc, sz); data/frr-7.4/zebra/rt_netlink.c:391:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nh.gate, gate, sz); data/frr-7.4/zebra/rt_netlink.c:531:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char anyaddr[16] = {0}; data/frr-7.4/zebra/rt_netlink.c:673:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix4, dest, 4); data/frr-7.4/zebra/rt_netlink.c:677:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:695:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u.prefix6, dest, 16); data/frr-7.4/zebra/rt_netlink.c:705:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&src_p.prefix, src, 16); data/frr-7.4/zebra/rt_netlink.c:732:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:733:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:851:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[40]; data/frr-7.4/zebra/rt_netlink.c:852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gbuf[40]; data/frr-7.4/zebra/rt_netlink.c:853:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oif_list[256] = "\0"; data/frr-7.4/zebra/rt_netlink.c:918:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[256]; data/frr-7.4/zebra/rt_netlink.c:1043:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&gw_fam.gate.ipv4, &nexthop->gate.ipv4, bytelen); data/frr-7.4/zebra/rt_netlink.c:1045:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&gw_fam.gate.ipv6, &nexthop->gate.ipv6, bytelen); data/frr-7.4/zebra/rt_netlink.c:1070:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&gw_fam.gate.ipv4, &nexthop->gate.ipv4, bytelen); data/frr-7.4/zebra/rt_netlink.c:1072:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&gw_fam.gate.ipv6, &nexthop->gate.ipv6, bytelen); data/frr-7.4/zebra/rt_netlink.c:1091:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf1[20]; data/frr-7.4/zebra/rt_netlink.c:1100:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(label_buf, "label %u", data/frr-7.4/zebra/rt_netlink.c:1137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[256]; data/frr-7.4/zebra/rt_netlink.c:1140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rt_netlink.c:1302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[256]; data/frr-7.4/zebra/rt_netlink.c:1484:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/rt_netlink.c:1662:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/rt_netlink.c:1786:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/rt_netlink.c:1871:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/rt_netlink.c:1926:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[(MULTIPATH_NUM * (ID_LENGTH + 1)) + 1]; data/frr-7.4/zebra/rt_netlink.c:1927:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ID_LENGTH + 2]; data/frr-7.4/zebra/rt_netlink.c:1968:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/rt_netlink.c:1972:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[256]; data/frr-7.4/zebra/rt_netlink.c:2300:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(nh.gate), gate, sz); data/frr-7.4/zebra/rt_netlink.c:2660:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:2661:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vid_buf[20]; data/frr-7.4/zebra/rt_netlink.c:2662:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_buf[30]; data/frr-7.4/zebra/rt_netlink.c:2694:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mac, RTA_DATA(tb[NDA_LLADDR]), ETH_ALEN); data/frr-7.4/zebra/rt_netlink.c:2705:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vtep_ip.s_addr, RTA_DATA(tb[NDA_DST]), data/frr-7.4/zebra/rt_netlink.c:2824:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/rt_netlink.c:2911:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/rt_netlink.c:2914:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:2995:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipbuf[PREFIX_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:2996:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:2997:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vid_buf[20]; data/frr-7.4/zebra/rt_netlink.c:3064:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:3065:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rt_netlink.c:3095:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ip.ip.addr, RTA_DATA(tb[NDA_DST]), RTA_PAYLOAD(tb[NDA_DST])); data/frr-7.4/zebra/rt_netlink.c:3154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mac, RTA_DATA(tb[NDA_LLADDR]), ETH_ALEN); data/frr-7.4/zebra/rt_netlink.c:3227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/rt_netlink.c:3296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/frr-7.4/zebra/rt_netlink.c:3319:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rt_netlink.c:3336:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rt_netlink.c:3423:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rt_netlink.c:3424:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/rt_netlink.c:3505:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/rt_netlink.c:3595:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/rt_socket.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gate_buf[INET6_BUFSIZ]; data/frr-7.4/zebra/rt_socket.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_buf[PREFIX_STRLEN]; data/frr-7.4/zebra/rtadv.c:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adata[1024]; data/frr-7.4/zebra/rtadv.c:155:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dst, &ptr->ipi6_addr, sizeof(ptr->ipi6_addr)); data/frr-7.4/zebra/rtadv.c:182:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[RTADV_MSG_SIZE]; data/frr-7.4/zebra/rtadv.c:354:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + len, ifp->hw_addr, ifp->hw_addr_len); data/frr-7.4/zebra/rtadv.c:436:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + len, dnssl->encoded_name, dnssl->encoded_len); data/frr-7.4/zebra/rtadv.c:612:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rtadv.c:708:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rtadv.c:899:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rprefix->prefix, p, sizeof(struct prefix_ipv6)); data/frr-7.4/zebra/rtadv.c:1991:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, rdnss, sizeof(struct rtadv_rdnss)); data/frr-7.4/zebra/rtadv.c:2052:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, dnssl, sizeof(struct rtadv_dnssl)); data/frr-7.4/zebra/rtadv.c:2063:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, dnssl, sizeof(struct rtadv_dnssl)); data/frr-7.4/zebra/rtadv.c:2108:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out + outp, label_start, label_len); data/frr-7.4/zebra/rtadv.c:2343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/rtadv.c:2441:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/rtread_getmsg.c:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char storage[RT_BUFSIZ]; data/frr-7.4/zebra/rtread_getmsg.c:123:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dev = open(_PATH_GETMSG_ROUTE, O_RDWR)) == -1) { data/frr-7.4/zebra/rule_netlink.c:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/rule_netlink.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/zebra/rule_netlink.c:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/rule_netlink.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/zebra/rule_netlink.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/rule_netlink.c:256:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rule.rule.filter.src_ip.u.prefix4, data/frr-7.4/zebra/rule_netlink.c:259:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rule.rule.filter.src_ip.u.prefix6, data/frr-7.4/zebra/rule_netlink.c:268:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rule.rule.filter.dst_ip.u.prefix4, data/frr-7.4/zebra/rule_netlink.c:271:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rule.rule.filter.dst_ip.u.prefix6, data/frr-7.4/zebra/rule_netlink.c:290:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ifname = (char *)RTA_DATA(tb[FRA_IFNAME]); data/frr-7.4/zebra/rule_netlink.c:349:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/zapi_msg.c:376:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zapi_msg.c:405:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zapi_msg.c:653:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; data/frr-7.4/zebra/zapi_msg.c:736:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[PREFIX_STRLEN]; data/frr-7.4/zebra/zapi_msg.c:747:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[PREFIX_STRLEN]; data/frr-7.4/zebra/zapi_msg.c:1405:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zapi_msg.c:1425:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nhbuf[INET6_ADDRSTRLEN] = ""; data/frr-7.4/zebra/zapi_msg.c:1464:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(vtep_ip.ipaddr_v4), &(api_nh->gate.ipv4), data/frr-7.4/zebra/zapi_msg.c:1498:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vtep_ip.ipaddr_v6, &(api_nh->gate.ipv6), data/frr-7.4/zebra/zapi_msg.c:1556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nhbuf[NEXTHOP_STRLEN]; data/frr-7.4/zebra/zapi_msg.c:1557:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labelbuf[MPLS_LABEL_STRLEN]; data/frr-7.4/zebra/zapi_msg.c:1568:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_prefix[PREFIX_STRLEN]; data/frr-7.4/zebra/zapi_msg.c:2343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/zebra/zapi_msg.c:2883:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPATHLEN]; data/frr-7.4/zebra/zapi_msg.c:2893:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fname, O_CREAT | O_WRONLY | O_EXCL, 0644); data/frr-7.4/zebra/zebra_dplane.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_buf[32]; data/frr-7.4/zebra/zebra_dplane.c:230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zd_ifname[INTERFACE_NAMSIZ]; data/frr-7.4/zebra/zebra_dplane.c:261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dp_name[DPLANE_PROVIDER_NAMELEN + 1]; data/frr-7.4/zebra/zebra_dplane.c:1821:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p.u, &pw->nexthop, sizeof(pw->nexthop)); data/frr-7.4/zebra/zebra_dplane.c:2423:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_str[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_dplane.c:2580:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN], buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_dplane.c:2724:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN], buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_dplane.c:3199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_str[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_dplane.c:3229:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_str[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_dplane.c:3284:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_dplane.c:3312:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_fpm.c:429:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, sizeof(*dest)); data/frr-7.4/zebra/zebra_fpm.c:761:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/frr-7.4/zebra/zebra_fpm.c:799:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/frr-7.4/zebra/zebra_fpm.c:1438:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_fpm.c:1521:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fpm_mac->macaddr, &key->macaddr, ETH_ALEN); data/frr-7.4/zebra/zebra_fpm.c:1549:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_fpm.c:1572:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&key.macaddr, &rmac->macaddr, ETH_ALEN); data/frr-7.4/zebra/zebra_fpm.c:1832:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port_no = atoi(argv[5]->arg); data/frr-7.4/zebra/zebra_fpm.c:1852:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). || zfpm_g->fpm_port != atoi(argv[6]->arg)) data/frr-7.4/zebra/zebra_fpm_dt.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/frr-7.4/zebra/zebra_fpm_dt.c:122:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). times = atoi(argv[0]); data/frr-7.4/zebra/zebra_fpm_dt.c:155:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). times = atoi(argv[0]); data/frr-7.4/zebra/zebra_fpm_dt.c:183:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_fpm_dt.c:236:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). times = atoi(argv[0]); data/frr-7.4/zebra/zebra_fpm_netlink.c:371:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/frr-7.4/zebra/zebra_fpm_netlink.c:454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NL_PKT_BUF_SIZE]; data/frr-7.4/zebra/zebra_fpm_netlink.c:580:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_fpm_netlink.c:586:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[0]; data/frr-7.4/zebra/zebra_gr.c:493:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zebra_l2.c:136:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&zif->l2info.br, bridge_info, sizeof(*bridge_info)); data/frr-7.4/zebra/zebra_l2.c:164:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&zif->l2info.vl, vlan_info, sizeof(*vlan_info)); data/frr-7.4/zebra/zebra_l2.c:184:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&zif->l2info.vxl, vxlan_info, sizeof(*vxlan_info)); data/frr-7.4/zebra/zebra_mlag.c:590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[MLAG_ROLE_STRSIZE], buf2[MLAG_ROLE_STRSIZE]; data/frr-7.4/zebra/zebra_mlag.c:669:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ZLOG_FILTER_LENGTH_MAX]; data/frr-7.4/zebra/zebra_mlag.c:906:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hdr.data.data, tmp_buf, len); data/frr-7.4/zebra/zebra_mlag.c:923:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mlag_wr_buffer, &n_len, ZEBRA_MLAG_LEN_SIZE); data/frr-7.4/zebra/zebra_mlag.c:952:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/frr-7.4/zebra/zebra_mlag_vty.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MLAG_ROLE_STRSIZE]; data/frr-7.4/zebra/zebra_mpls.c:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:271:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:329:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:489:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:880:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ], buf2[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:1321:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:1385:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:1427:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:1876:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NEXTHOP_STRLEN]; data/frr-7.4/zebra/zebra_mpls.c:1964:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NEXTHOP_STRLEN]; data/frr-7.4/zebra/zebra_mpls.c:2131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2520:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lstr[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2784:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[MPLS_LABEL_STRLEN]; data/frr-7.4/zebra/zebra_mpls.c:2785:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[MPLS_LABEL_STRLEN]; data/frr-7.4/zebra/zebra_mpls.c:2802:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nh->nh_label->label, out_labels, data/frr-7.4/zebra/zebra_mpls.c:2817:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:2852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:3053:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:3146:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:3220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:3254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nh_buf[NEXTHOP_STRLEN]; data/frr-7.4/zebra/zebra_mpls.c:3325:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_mpls.c:3326:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lstr[30]; data/frr-7.4/zebra/zebra_mpls_openbsd.c:146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[sizeof(long)]; /* thank you IPv6 */ data/frr-7.4/zebra/zebra_mpls_openbsd.c:195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sin6->sin6_addr.s6_addr[2], &tmp16, sizeof(tmp16)); data/frr-7.4/zebra/zebra_mpls_vty.c:71:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). label = atoi(inlabel_str); data/frr-7.4/zebra/zebra_mpls_vty.c:115:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). out_label = atoi(outlabel_str); data/frr-7.4/zebra/zebra_mpls_vty.c:230:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). label = atoi(label_str); data/frr-7.4/zebra/zebra_mpls_vty.c:363:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). label = atoi(argv[3]->arg); data/frr-7.4/zebra/zebra_mpls_vty.c:402:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). start_label = atoi(start_label_str); data/frr-7.4/zebra/zebra_mpls_vty.c:403:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). end_label = atoi(end_label_str); data/frr-7.4/zebra/zebra_mroute.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[40]; data/frr-7.4/zebra/zebra_mroute.c:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gbuf[40]; data/frr-7.4/zebra/zebra_nb_config.c:931:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN] = {0}; data/frr-7.4/zebra/zebra_netns_id.c:173:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(netnspath, O_RDONLY); data/frr-7.4/zebra/zebra_netns_id.c:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NETLINK_SOCKET_BUFFER_SIZE]; data/frr-7.4/zebra/zebra_netns_id.c:348:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(NS_DEFAULT_NAME, O_RDONLY); data/frr-7.4/zebra/zebra_netns_notify.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char net_path[PATH_MAX]; data/frr-7.4/zebra/zebra_netns_notify.c:160:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). netns = open(net_path, O_RDONLY); data/frr-7.4/zebra/zebra_netns_notify.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netnspath[64]; data/frr-7.4/zebra/zebra_netns_notify.c:241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_nhg.c:950:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->u.grp, grp, count * sizeof(struct nh_grp)); data/frr-7.4/zebra/zebra_nhg.c:1363:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[10]; data/frr-7.4/zebra/zebra_nhg.c:2005:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_ns.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/frr-7.4/zebra/zebra_ns.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[VRF_NAMSIZ]; data/frr-7.4/zebra/zebra_pbr.c:429:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, zpr, sizeof(*zpr)); data/frr-7.4/zebra/zebra_pbr.c:566:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, zpi, sizeof(*zpi)); data/frr-7.4/zebra/zebra_pbr.c:599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipset_name[ZEBRA_IPSET_NAME_SIZE]; data/frr-7.4/zebra/zebra_pbr.c:645:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, zpi, sizeof(*zpi)); data/frr-7.4/zebra/zebra_pbr.c:688:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, zpi, sizeof(*zpi)); data/frr-7.4/zebra/zebra_pbr.c:862:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zebra_pbr.c:875:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char decoded_str[20]; data/frr-7.4/zebra/zebra_pbr.c:933:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_pbr.c:956:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_pbr.c:1111:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcp_flag_str[64]; data/frr-7.4/zebra/zebra_pbr.c:1112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcp_flag_mask_str[64]; data/frr-7.4/zebra/zebra_pbr.c:1129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val_str[10]; data/frr-7.4/zebra/zebra_pbr.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[INTERFACE_NAMSIZ]; data/frr-7.4/zebra/zebra_pbr.h:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipset_name[ZEBRA_IPSET_NAME_SIZE]; data/frr-7.4/zebra/zebra_pbr.h:154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipset_name[ZEBRA_IPSET_NAME_SIZE]; data/frr-7.4/zebra/zebra_ptm.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/frr-7.4/zebra/zebra_ptm.c:401:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr.sun_path, ZEBRA_PTM_SOCK_NAME, data/frr-7.4/zebra/zebra_ptm.c:433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2][INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_ptm.c:465:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bfdst_str[32]; data/frr-7.4/zebra/zebra_ptm.c:466:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_str[64]; data/frr-7.4/zebra/zebra_ptm.c:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_str[64]; data/frr-7.4/zebra/zebra_ptm.c:468:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vrf_str[64]; data/frr-7.4/zebra/zebra_ptm.c:591:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port_str[128]; data/frr-7.4/zebra/zebra_ptm.c:592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbl_str[32]; data/frr-7.4/zebra/zebra_ptm.c:593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd_status_str[32]; data/frr-7.4/zebra/zebra_ptm.c:687:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char if_name[INTERFACE_NAMSIZ]; data/frr-7.4/zebra/zebra_ptm.c:690:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_ptm.c:691:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buf[64]; data/frr-7.4/zebra/zebra_ptm.c:850:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char if_name[INTERFACE_NAMSIZ]; data/frr-7.4/zebra/zebra_ptm.c:852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_ptm.c:853:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buf[64]; data/frr-7.4/zebra/zebra_ptm.c:980:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buf[64]; data/frr-7.4/zebra/zebra_ptm.c:1041:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_buf[64]; data/frr-7.4/zebra/zebra_ptm.c:1411:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ZEBRA_MAX_PACKET_SIZ]; data/frr-7.4/zebra/zebra_ptm.c:1519:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msgc->data + zhdrlen, msg->data + msg->getp, zmsglen); data/frr-7.4/zebra/zebra_pw.c:393:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). local_label = atoi(argv[idx + 1]->arg); data/frr-7.4/zebra/zebra_pw.c:395:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). remote_label = atoi(argv[idx + 1]->arg); data/frr-7.4/zebra/zebra_pw.c:486:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_nbr[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_pw.c:487:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf_labels[64]; data/frr-7.4/zebra/zebra_pw.c:532:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_pw.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/frr-7.4/zebra/zebra_rib.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER + sizeof(" (MRIB)")]; data/frr-7.4/zebra/zebra_rib.c:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[512]; data/frr-7.4/zebra/zebra_rib.c:348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_rib.c:485:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:529:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:633:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:659:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:660:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:755:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:778:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:829:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:869:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:995:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:1305:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_str[PREFIX_STRLEN] = ""; data/frr-7.4/zebra/zebra_rib.c:1306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nh_str[NEXTHOP_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:1536:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_str[PREFIX_STRLEN] = ""; data/frr-7.4/zebra/zebra_rib.c:1775:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest_str[PREFIX_STRLEN] = ""; data/frr-7.4/zebra/zebra_rib.c:2011:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:2425:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_rib.c:2445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nhname[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:2446:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backup_str[50]; data/frr-7.4/zebra/zebra_rib.c:2447:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wgt_str[50]; data/frr-7.4/zebra/zebra_rib.c:2514:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char straddr[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:2515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcaddr[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:2561:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix_buf[INET_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_rib.c:2641:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:2699:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN] = ""; data/frr-7.4/zebra/zebra_rib.c:2700:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN] = ""; data/frr-7.4/zebra/zebra_rib.c:2844:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_rib.c:2863:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dst_buf[PREFIX_STRLEN], src_buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rib.c:3023:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(vtep_ip.ipaddr_v4), data/frr-7.4/zebra/zebra_rib.c:3028:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(vtep_ip.ipaddr_v6), data/frr-7.4/zebra/zebra_rnh.c:111:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:112:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zebra_rnh.c:273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zebra_rnh.c:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zebra_rnh.c:314:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zebra_rnh.c:452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:453:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:491:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_rnh.c:543:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_rnh.c:544:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufp[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_rnh.c:643:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:644:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_rnh.c:813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufn[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_rnh.c:1069:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_rnh.c:1107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_routemap.c:50:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *zebra_import_table_routemap[AFI_MAX][ZEBRA_KERNEL_TABLE_MAX]; data/frr-7.4/zebra/zebra_routemap.c:364:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/zebra/zebra_routemap.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/zebra/zebra_routemap.c:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/zebra/zebra_routemap.c:475:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/zebra/zebra_routemap.c:508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/zebra/zebra_routemap.c:543:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xpath_value[XPATH_MAXLEN]; data/frr-7.4/zebra/zebra_routemap.c:1423:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(arg); data/frr-7.4/zebra/zebra_routemap.c:1858:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char space[2]; data/frr-7.4/zebra/zebra_vty.c:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrstr[32]; data/frr-7.4/zebra/zebra_vty.c:218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MPLS_LABEL_STRLEN]; data/frr-7.4/zebra/zebra_vty.c:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_vty.c:423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MPLS_LABEL_STRLEN]; data/frr-7.4/zebra/zebra_vty.c:528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SRCDEST2STR_BUFFER]; data/frr-7.4/zebra/zebra_vty.c:537:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char up_str[MONOTIME_STRLEN]; data/frr-7.4/zebra/zebra_vty.c:852:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_vty.c:892:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/frr-7.4/zebra/zebra_vty.c:2207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[ERR_STR_SZ]; data/frr-7.4/zebra/zebra_vty.c:2237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[ERR_STR_SZ]; data/frr-7.4/zebra/zebra_vty.c:2266:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[ERR_STR_SZ]; data/frr-7.4/zebra/zebra_vty.c:2296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char err[ERR_STR_SZ]; data/frr-7.4/zebra/zebra_vty.c:2966:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&host_ip.ipaddr_v6, &ip->sin6.sin6_addr, data/frr-7.4/zebra/zebra_vxlan.c:432:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:433:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:577:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:578:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:707:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:726:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:727:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[MONOTIME_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:823:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:824:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:919:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:949:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:1041:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:1095:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1096:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1179:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[MONOTIME_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1350:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1477:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1516:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:1587:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:1648:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1649:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1683:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:1722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:1763:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1791:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:1969:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:2055:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vni_str[VNI_STR_LEN]; data/frr-7.4/zebra/zebra_vxlan.c:2113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2234:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_n.ip, ip, sizeof(struct ipaddr)); data/frr-7.4/zebra/zebra_vxlan.c:2238:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n->emac, mac, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:2329:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.ip, ip, sizeof(struct ipaddr)); data/frr-7.4/zebra/zebra_vxlan.c:2346:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2386:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2633:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&macaddr.octet, ifp->hw_addr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:2644:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip.ipaddr_v4), &(c->address->u.prefix4), data/frr-7.4/zebra/zebra_vxlan.c:2648:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip.ipaddr_v6), &(c->address->u.prefix6), data/frr-7.4/zebra/zebra_vxlan.c:2666:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&macaddr.octet, ifp->hw_addr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:2677:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip.ipaddr_v4), &(c->address->u.prefix4), data/frr-7.4/zebra/zebra_vxlan.c:2681:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip.ipaddr_v6), &(c->address->u.prefix6), data/frr-7.4/zebra/zebra_vxlan.c:2700:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&macaddr.octet, ifp->hw_addr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:2705:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p, c->address, sizeof(struct prefix)); data/frr-7.4/zebra/zebra_vxlan.c:2728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2729:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2778:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n->emac, macaddr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:2822:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:2823:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:3012:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:3013:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:3155:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n->emac, macaddr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:3180:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n->emac, macaddr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:3285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:3286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:3378:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_mac.macaddr, macaddr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:3427:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:3493:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.macaddr, mac, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:4443:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lookup.p, host, sizeof(*host)); data/frr-7.4/zebra/zebra_vxlan.c:4450:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hle, &lookup, sizeof(lookup)); data/frr-7.4/zebra/zebra_vxlan.c:4461:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lookup.p, host, sizeof(*host)); data/frr-7.4/zebra/zebra_vxlan.c:4482:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.macaddr, rmac, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:4512:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_rmac.macaddr, rmac, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:4590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4641:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4642:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4643:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4721:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp.ip, ip, sizeof(struct ipaddr)); data/frr-7.4/zebra/zebra_vxlan.c:4753:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_n.ip, ip, sizeof(struct ipaddr)); data/frr-7.4/zebra/zebra_vxlan.c:4759:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n->emac, mac, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:4834:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4835:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4836:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4837:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf3[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:4865:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nh->emac, rmac, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:5198:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rmac->octet, zl3vni->mac_vlan_if->hw_addr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:5210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5211:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5229:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&vrr_rmac, &svi_rmac, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:5409:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5442:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5471:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5472:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5734:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&n->emac, macaddr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:5812:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5813:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:5996:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ipv4_vtep.ipaddr_v4), &vtep_ip->ipaddr_v4, data/frr-7.4/zebra/zebra_vxlan.c:6309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:6949:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:6950:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7066:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7484:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7689:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7690:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7740:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7741:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7842:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7906:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:7953:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:8015:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:8477:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&macaddr.octet, ifp->hw_addr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan.c:8481:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip.ipaddr_v4), &(p->u.prefix4), data/frr-7.4/zebra/zebra_vxlan.c:8485:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ip.ipaddr_v6), &(p->u.prefix6), data/frr-7.4/zebra/zebra_vxlan.c:9121:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf1[INET_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:9122:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_buf2[INET_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:9756:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[INET6_ADDRSTRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:9757:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan.c:9808:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ETHER_ADDR_STRLEN]; data/frr-7.4/zebra/zebra_vxlan_private.h:266:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rmac->octet, zl3vni->svi_if->hw_addr, ETH_ALEN); data/frr-7.4/zebra/zebra_vxlan_private.h:502:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sg_str[PREFIX_SG_STR_LEN]; data/frr-7.4/zebra/zserv.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errmsg[256]; data/frr-7.4/zebra/zserv.c:883:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[ZEBRA_TIME_BUF], rbuf[ZEBRA_TIME_BUF]; data/frr-7.4/zebra/zserv.c:884:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wbuf[ZEBRA_TIME_BUF], nhbuf[ZEBRA_TIME_BUF], mbuf[ZEBRA_TIME_BUF]; data/frr-7.4/zebra/zserv.c:996:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PREFIX2STR_BUFFER]; data/frr-7.4/zebra/zserv.c:1058:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[ZEBRA_TIME_BUF], rbuf[ZEBRA_TIME_BUF]; data/frr-7.4/zebra/zserv.c:1059:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wbuf[ZEBRA_TIME_BUF]; data/frr-7.4/zebra/zserv.c:1150:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(input, O_RDONLY | O_NONBLOCK); data/frr-7.4/babeld/babel_interface.c:801:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(roughly(1000)); data/frr-7.4/babeld/babel_interface.c:811:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(roughly(10000)); data/frr-7.4/babeld/babel_interface.c:976:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(channels); data/frr-7.4/babeld/babel_interface.c:983:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(channels); data/frr-7.4/babeld/babel_main.c:302:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, buf, 99); data/frr-7.4/babeld/babel_main.c:308:18: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. rc = sscanf(buf, "%99s %d %ld\n", buf2, &s, &t); data/frr-7.4/babeld/babel_main.c:344:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(roughly(10000)); data/frr-7.4/babeld/babeld.c:293:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(roughly(10000)); data/frr-7.4/babeld/babeld.c:302:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(roughly(10000)); data/frr-7.4/babeld/kernel.c:249:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, buf, len); data/frr-7.4/babeld/util.c:284:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(buf[i]); data/frr-7.4/babeld/util.c:288:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(buf[i]); data/frr-7.4/bfdd/bfdd_nb_config.c:86:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(ifname) == 0) { data/frr-7.4/bfdd/control.c:123:10: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umval = umask(0); data/frr-7.4/bfdd/control.c:129:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(umval); data/frr-7.4/bfdd/control.c:431:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bread = read(sd, &bcm, sizeof(bcm)); data/frr-7.4/bfdd/control.c:483:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bread = read(sd, &bcb->bcb_buf[bcb->bcb_pos], bcb->bcb_left); data/frr-7.4/bfdd/control.c:728:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jsonstrlen = strlen(jsonstr); data/frr-7.4/bfdd/control.c:758:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jsonstrlen = strlen(jsonstr); data/frr-7.4/bfdd/control.c:821:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jsonstrlen = strlen(jsonstr); data/frr-7.4/bgpd/bgp_aspath.c:2106:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (as->str_len && strlen(suffix)) data/frr-7.4/bgpd/bgp_bmp.c:287:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen (string); data/frr-7.4/bgpd/bgp_bmp.c:1296:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ":%u", data/frr-7.4/bgpd/bgp_bmp.c:1296:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), ":%u", data/frr-7.4/bgpd/bgp_clist.c:190:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (number = 0, i = 0; i < strlen(name); i++) { data/frr-7.4/bgpd/bgp_clist.c:198:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i == strlen(name)) { data/frr-7.4/bgpd/bgp_clist.c:491:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(str, strlen(str), "%u:%d", as, val); data/frr-7.4/bgpd/bgp_clist.c:1103:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(splits[i]) == 0) data/frr-7.4/bgpd/bgp_clist.h:183:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return jhash(name, strlen(name), 0xdeadbeaf); data/frr-7.4/bgpd/bgp_community.c:249:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" internet"); data/frr-7.4/bgpd/bgp_community.c:252:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" graceful-shutdown"); data/frr-7.4/bgpd/bgp_community.c:255:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" accept-own"); data/frr-7.4/bgpd/bgp_community.c:258:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" route-filter-translated-v4"); data/frr-7.4/bgpd/bgp_community.c:261:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" route-filter-v4"); data/frr-7.4/bgpd/bgp_community.c:264:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" route-filter-translated-v6"); data/frr-7.4/bgpd/bgp_community.c:267:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" route-filter-v6"); data/frr-7.4/bgpd/bgp_community.c:270:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" llgr-stale"); data/frr-7.4/bgpd/bgp_community.c:273:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" no-llgr"); data/frr-7.4/bgpd/bgp_community.c:276:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" accept-own-nexthop"); data/frr-7.4/bgpd/bgp_community.c:279:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" blackhole"); data/frr-7.4/bgpd/bgp_community.c:282:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" no-export"); data/frr-7.4/bgpd/bgp_community.c:285:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" no-advertise"); data/frr-7.4/bgpd/bgp_community.c:288:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" local-AS"); data/frr-7.4/bgpd/bgp_community.c:291:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" no-peer"); data/frr-7.4/bgpd/bgp_community.c:294:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(" 65536:65535"); data/frr-7.4/bgpd/bgp_community.c:667:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "internet", strlen("internet")) == 0) { data/frr-7.4/bgpd/bgp_community.c:670:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("internet"); data/frr-7.4/bgpd/bgp_community.c:673:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "graceful-shutdown", strlen("graceful-shutdown")) data/frr-7.4/bgpd/bgp_community.c:677:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("graceful-shutdown"); data/frr-7.4/bgpd/bgp_community.c:680:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "accept-own", strlen("accept-own")) data/frr-7.4/bgpd/bgp_community.c:684:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("accept-own"); data/frr-7.4/bgpd/bgp_community.c:688:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("route-filter-translated-v4")) data/frr-7.4/bgpd/bgp_community.c:692:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("route-filter-translated-v4"); data/frr-7.4/bgpd/bgp_community.c:695:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "route-filter-v4", strlen("route-filter-v4")) data/frr-7.4/bgpd/bgp_community.c:699:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("route-filter-v4"); data/frr-7.4/bgpd/bgp_community.c:703:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("route-filter-translated-v6")) data/frr-7.4/bgpd/bgp_community.c:707:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("route-filter-translated-v6"); data/frr-7.4/bgpd/bgp_community.c:710:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "route-filter-v6", strlen("route-filter-v6")) data/frr-7.4/bgpd/bgp_community.c:714:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("route-filter-v6"); data/frr-7.4/bgpd/bgp_community.c:717:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "llgr-stale", strlen("llgr-stale")) data/frr-7.4/bgpd/bgp_community.c:721:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("llgr-stale"); data/frr-7.4/bgpd/bgp_community.c:724:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "no-llgr", strlen("no-llgr")) data/frr-7.4/bgpd/bgp_community.c:728:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("no-llgr"); data/frr-7.4/bgpd/bgp_community.c:732:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("accept-own-nexthop")) data/frr-7.4/bgpd/bgp_community.c:736:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("accept-own-nexthop"); data/frr-7.4/bgpd/bgp_community.c:739:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "blackhole", strlen("blackhole")) data/frr-7.4/bgpd/bgp_community.c:743:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("blackhole"); data/frr-7.4/bgpd/bgp_community.c:746:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "no-export", strlen("no-export")) == 0) { data/frr-7.4/bgpd/bgp_community.c:749:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("no-export"); data/frr-7.4/bgpd/bgp_community.c:752:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "no-advertise", strlen("no-advertise")) == 0) { data/frr-7.4/bgpd/bgp_community.c:755:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("no-advertise"); data/frr-7.4/bgpd/bgp_community.c:758:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "local-AS", strlen("local-AS")) == 0) { data/frr-7.4/bgpd/bgp_community.c:761:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("local-AS"); data/frr-7.4/bgpd/bgp_community.c:764:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, "no-peer", strlen("no-peer")) == 0) { data/frr-7.4/bgpd/bgp_community.c:767:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("no-peer"); data/frr-7.4/bgpd/bgp_debug.c:384:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), ", origin %s", data/frr-7.4/bgpd/bgp_debug.c:384:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), ", origin %s", data/frr-7.4/bgpd/bgp_debug.c:390:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:390:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:396:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), "(%s)", data/frr-7.4/bgpd/bgp_debug.c:396:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), "(%s)", data/frr-7.4/bgpd/bgp_debug.c:404:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:404:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:408:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), ", metric %u", data/frr-7.4/bgpd/bgp_debug.c:408:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), ", metric %u", data/frr-7.4/bgpd/bgp_debug.c:412:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:412:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:417:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:417:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:421:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:421:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:425:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:425:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:430:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:430:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:436:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:436:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:439:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), " %s", data/frr-7.4/bgpd/bgp_debug.c:439:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), " %s", data/frr-7.4/bgpd/bgp_debug.c:444:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:444:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:448:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), ", path %s", data/frr-7.4/bgpd/bgp_debug.c:448:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), ", path %s", data/frr-7.4/bgpd/bgp_debug.c:453:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:453:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), size - strlen(buf), data/frr-7.4/bgpd/bgp_debug.c:457:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) > 1) data/frr-7.4/bgpd/bgp_dump.c:133:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oldumask = umask(0777 & ~LOGFILE_MASK); data/frr-7.4/bgpd/bgp_dump.c:139:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldumask); data/frr-7.4/bgpd/bgp_dump.c:142:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldumask); data/frr-7.4/bgpd/bgp_dump.c:239:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stream_putw(obuf, strlen(bgp->name_pretty)); data/frr-7.4/bgpd/bgp_dump.c:240:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stream_put(obuf, bgp->name_pretty, strlen(bgp->name_pretty)); data/frr-7.4/bgpd/bgp_dump.c:587:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/frr-7.4/bgpd/bgp_filter.c:192:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (number = 0, i = 0; i < strlen(name); i++) { data/frr-7.4/bgpd/bgp_filter.c:200:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i == strlen(name)) { data/frr-7.4/bgpd/bgp_filter.c:388:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(regstr, valid_chars) == strlen(regstr)) data/frr-7.4/bgpd/bgp_io.c:453:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read(peer->fd, ibw, readsize); data/frr-7.4/bgpd/bgp_network.c:308:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(name)) { data/frr-7.4/bgpd/bgp_open.c:1554:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(cmd_hostname_get()); data/frr-7.4/bgpd/bgp_open.c:1561:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(cmd_domainname_get()); data/frr-7.4/bgpd/bgp_pbr.c:185:10: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. ptr += sprintf(ptr, "<"); data/frr-7.4/bgpd/bgp_pbr.c:187:10: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. ptr += sprintf(ptr, ">"); data/frr-7.4/bgpd/bgp_pbr.c:189:10: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. ptr += sprintf(ptr, "="); data/frr-7.4/bgpd/bgp_regex.c:49:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(regstr); data/frr-7.4/bgpd/bgp_regex.c:59:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(magic_regexp)); data/frr-7.4/bgpd/bgp_regex.c:60:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j += strlen(magic_regexp); data/frr-7.4/bgpd/bgp_routemap.c:4342:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[idx_comm_list]->arg) data/frr-7.4/bgpd/bgp_routemap.c:4343:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("exact-match") + 2); data/frr-7.4/bgpd/bgp_routemap.c:4389:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[idx_lcomm_list]->arg) data/frr-7.4/bgpd/bgp_routemap.c:4390:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("exact-match") + 2); data/frr-7.4/bgpd/bgp_routemap.c:4818:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(argv[i]->arg, "additive", strlen(argv[i]->arg)) data/frr-7.4/bgpd/bgp_routemap.c:4829:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(argv[i]->arg, "internet", strlen(argv[i]->arg)) data/frr-7.4/bgpd/bgp_routemap.c:4834:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(argv[i]->arg, "local-AS", strlen(argv[i]->arg)) data/frr-7.4/bgpd/bgp_routemap.c:4839:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(argv[i]->arg, "no-a", strlen("no-a")) == 0 data/frr-7.4/bgpd/bgp_routemap.c:4841:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[i]->arg)) data/frr-7.4/bgpd/bgp_routemap.c:4846:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(argv[i]->arg, "no-e", strlen("no-e")) == 0 data/frr-7.4/bgpd/bgp_routemap.c:4847:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strncmp(argv[i]->arg, "no-export", strlen(argv[i]->arg)) data/frr-7.4/bgpd/bgp_routemap.c:4853:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[i]->arg)) data/frr-7.4/bgpd/bgp_routemap.c:4881:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t argstr_sz = strlen(str) + strlen(" additive") + 1; data/frr-7.4/bgpd/bgp_routemap.c:4881:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t argstr_sz = strlen(str) + strlen(" additive") + 1; data/frr-7.4/bgpd/bgp_routemap.c:5279:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[idx_number]->arg) data/frr-7.4/bgpd/bgp_routemap.c:5280:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(argv[idx_ipv4]->arg) + 2); data/frr-7.4/bgpd/bgp_routemap.c:5320:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[idx_asn]->arg) + strlen(argv[idx_ip]->arg) data/frr-7.4/bgpd/bgp_routemap.c:5320:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[idx_asn]->arg) + strlen(argv[idx_ip]->arg) data/frr-7.4/bgpd/bgp_rpki.c:373:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(rpki_sync_socket_bgpd, &rec, data/frr-7.4/bgpd/bgp_rpki.c:385:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(rpki_sync_socket_bgpd, &rec, sizeof(struct pfx_record)); data/frr-7.4/bgpd/bgp_updgrp.c:324:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(peer->group->name), SEED1), data/frr-7.4/bgpd/bgp_updgrp.c:329:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filter->map[RMAP_OUT].name), data/frr-7.4/bgpd/bgp_updgrp.c:335:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filter->dlist[FILTER_OUT].name), data/frr-7.4/bgpd/bgp_updgrp.c:341:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filter->plist[FILTER_OUT].name), data/frr-7.4/bgpd/bgp_updgrp.c:347:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filter->aslist[FILTER_OUT].name), data/frr-7.4/bgpd/bgp_updgrp.c:353:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filter->usmap.name), SEED1), data/frr-7.4/bgpd/bgp_updgrp.c:359:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(peer->default_rmap[afi][safi].name), data/frr-7.4/bgpd/bgp_updgrp.c:381:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key = jhash_1word(jhash(peer->host, strlen(peer->host), SEED2), data/frr-7.4/bgpd/bgp_vty.c:8845:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(neighbor_buf); data/frr-7.4/bgpd/bgpd.c:3032:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 4 + 1 + strlen(n) + 1; /* "view foo\0" */ data/frr-7.4/bgpd/bgpd.c:3992:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msglen = msg ? strlen(msg) : 0; data/frr-7.4/bgpd/bgpd.c:5504:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = password ? strlen(password) : 0; data/frr-7.4/bgpd/rfapi/rfapi_nve_addr.c:149:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buf + strlen(buf); data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1490:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int alen = strlen(buf); data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1806:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = strlen(p); data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1818:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = strlen(p); data/frr-7.4/bgpd/rfapi/rfapi_vty.c:1830:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = strlen(p); data/frr-7.4/eigrpd/eigrp_packet.c:130:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, key->string, strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:131:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(key->string) < 16) data/frr-7.4/eigrpd/eigrp_packet.c:132:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, zeropad, 16 - strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:137:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, key->string, strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:138:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(key->string) < 16) data/frr-7.4/eigrpd/eigrp_packet.c:139:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, zeropad, 16 - strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:214:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, key->string, strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:215:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(key->string) < 16) data/frr-7.4/eigrpd/eigrp_packet.c:216:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, zeropad, 16 - strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:221:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, key->string, strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:222:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(key->string) < 16) data/frr-7.4/eigrpd/eigrp_packet.c:223:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MD5Update(&ctx, zeropad, 16 - strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:290:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(buffer + 1, key, strlen(key->string)); data/frr-7.4/eigrpd/eigrp_packet.c:291:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(buffer + 1 + strlen(key->string), source_ip, strlen(source_ip)); data/frr-7.4/eigrpd/eigrp_packet.c:291:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(buffer + 1 + strlen(key->string), source_ip, strlen(source_ip)); data/frr-7.4/eigrpd/eigrp_packet.c:293:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 1 + strlen(key->string) + strlen(source_ip)); data/frr-7.4/eigrpd/eigrp_packet.c:293:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 1 + strlen(key->string) + strlen(source_ip)); data/frr-7.4/eigrpd/eigrp_packet.c:294:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HMAC__SHA256_Update(&ctx, ibuf, strlen(ibuf)); data/frr-7.4/isisd/isis_bpf.c:229:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytesread = read(circuit->fd, readbuff, readblen); data/frr-7.4/isisd/isis_circuit.c:1306:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(passwd); data/frr-7.4/isisd/isis_dlpi.c:328:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = devpath + strlen(devpath); data/frr-7.4/isisd/isis_misc.c:98:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dotlen = strlen(dotted); data/frr-7.4/isisd/isis_misc.c:148:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dotted) != 14) { data/frr-7.4/isisd/isis_misc.c:489:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(hexstr, bytestr, sizeof(hexstr) - strlen(hexstr) - 1); data/frr-7.4/isisd/isis_misc.c:489:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(hexstr, bytestr, sizeof(hexstr) - strlen(hexstr) - 1); data/frr-7.4/isisd/isis_misc.c:493:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(charstr, bytestr, data/frr-7.4/isisd/isis_misc.c:494:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(charstr) - strlen(charstr) - 1); data/frr-7.4/isisd/isis_misc.c:504:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(hexstr, " ", data/frr-7.4/isisd/isis_misc.c:505:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(hexstr) - strlen(hexstr) - 1); data/frr-7.4/isisd/isis_misc.c:506:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(charstr, " ", data/frr-7.4/isisd/isis_misc.c:507:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(charstr) - strlen(charstr) - 1); data/frr-7.4/isisd/isis_misc.c:513:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(hexstr) > 0) data/frr-7.4/isisd/isis_nb_config.c:482:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t bufsiz = strlen(area->area_tag) + sizeof("IS-IS Lx"); data/frr-7.4/isisd/isis_redist.c:344:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (routemap && strlen(routemap)) { data/frr-7.4/isisd/isis_tlvs.c:2135:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint8_t name_len = strlen(hostname); data/frr-7.4/isisd/isis_vty_fabricd.c:380:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(passwd) > 254) { data/frr-7.4/isisd/isis_vty_fabricd.c:720:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t bufsiz = strlen(area->area_tag) + sizeof("IS-IS Lx"); data/frr-7.4/isisd/isisd.c:1398:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argv && strlen(argv) > 3) { data/frr-7.4/isisd/isisd.c:1399:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos = argv + strlen(argv) - 3; data/frr-7.4/isisd/isisd.c:1667:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(passwd); data/frr-7.4/ldpd/control.c:63:14: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(S_IXUSR|S_IXGRP|S_IWOTH|S_IROTH|S_IXOTH); data/frr-7.4/ldpd/control.c:67:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/frr-7.4/ldpd/control.c:70:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/frr-7.4/ldpd/ldp_vty_conf.c:1084:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nbrp->auth.md5key_len = strlen(nbrp->auth.md5key); data/frr-7.4/ldpd/ldp_vty_exec.c:233:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(addr) > 15) data/frr-7.4/ldpd/ldp_vty_exec.c:252:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:256:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:260:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:264:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:268:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:300:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(ifaces_buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:313:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(tnbrs_buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:533:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(addr) > 15) data/frr-7.4/ldpd/ldp_vty_exec.c:549:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:1045:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dstnet) > 20) data/frr-7.4/ldpd/ldp_vty_exec.c:1086:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(sent_buffer); data/frr-7.4/ldpd/ldp_vty_exec.c:1093:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(rcvd_buffer); data/frr-7.4/ldpd/log.c:49:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf) + 1); data/frr-7.4/ldpd/log.c:54:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf) + 1); data/frr-7.4/ldpd/logmsg.c:212:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (snprintf(buf + strlen(buf), sizeof(buf) - data/frr-7.4/ldpd/logmsg.c:213:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf), " (prefix, address-family %s)", data/frr-7.4/ldpd/logmsg.c:218:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (snprintf(buf + strlen(buf), sizeof(buf) - data/frr-7.4/ldpd/logmsg.c:219:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf), " (pwid, type %s)", data/frr-7.4/ldpd/logmsg.c:224:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (snprintf(buf + strlen(buf), sizeof(buf) - data/frr-7.4/ldpd/logmsg.c:225:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf), " (unknown type)") < 0) data/frr-7.4/ldpd/packet.c:434:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((n = read(fd, tcp->rbuf->buf + tcp->rbuf->wpos, data/frr-7.4/ldpd/pfkey.c:278:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(sd, &hdr, sizeof(hdr)) == -1) { data/frr-7.4/ldpd/pfkey.c:318:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(sd, data, len) != len) { data/frr-7.4/lib/agentx.c:176:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg[strlen(msg) - 1] = '\0'; data/frr-7.4/lib/bfd.c:201:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(if_name); data/frr-7.4/lib/buffer.c:181:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_put(b, c, strlen(c)); data/frr-7.4/lib/command.c:182:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vector_slot(result, i)) == 0) { data/frr-7.4/lib/command.c:425:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(host.motd))) data/frr-7.4/lib/command.c:612:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argsz = strlen(arg); data/frr-7.4/lib/command.c:615:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(item) >= argsz && !strncmp(item, arg, argsz)) data/frr-7.4/lib/command.c:635:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). itemlen = strlen(item); data/frr-7.4/lib/command.c:1528:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t config_file_sav_sz = strlen(config_file) + strlen(CONF_BACKUP_EXT) + 1; data/frr-7.4/lib/command.c:1528:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t config_file_sav_sz = strlen(config_file) + strlen(CONF_BACKUP_EXT) + 1; data/frr-7.4/lib/command.c:1534:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). config_file_tmp = XMALLOC(MTYPE_TMP, strlen(config_file) + 8); data/frr-7.4/lib/command.c:1535:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(config_file_tmp, strlen(config_file) + 8, "%s.XXXXXX", data/frr-7.4/lib/command.c:1737:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(word->arg) > HOSTNAME_LEN) { data/frr-7.4/lib/command_graph.c:88:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(varname), i; data/frr-7.4/lib/command_match.c:845:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). != strlen(str)) data/frr-7.4/lib/command_match.c:979:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(word)) data/frr-7.4/lib/command_match.c:984:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(word) < strlen(token->text)) data/frr-7.4/lib/command_match.c:984:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(word) < strlen(token->text)) data/frr-7.4/lib/command_match.c:985:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return !strncmp(token->text, word, strlen(word)) ? partly_match data/frr-7.4/lib/command_match.c:989:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(word) == strlen(token->text)) data/frr-7.4/lib/command_match.c:989:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(word) == strlen(token->text)) data/frr-7.4/lib/command_match.c:990:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return !strncmp(token->text, word, strlen(word)) ? exact_match data/frr-7.4/lib/command_match.c:1015:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(word) > mac_explen + (prefix ? mask_len : 0)) data/frr-7.4/lib/csv.c:532:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(curr, ","); data/frr-7.4/lib/csv.c:540:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf((curr + strlen(curr)), (int)(ret - rec2->record + 1), "%s", data/frr-7.4/lib/csv.c:542:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(curr, "\n"); data/frr-7.4/lib/csv.c:543:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rec->rec_len = strlen(curr); data/frr-7.4/lib/csv.c:591:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rec->record, buf, pos - buf + 1); data/frr-7.4/lib/csv.c:647:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, buf, 4095); data/frr-7.4/lib/csv.c:677:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_verbose("(%zu/%zu/%d/%d)\n", strlen(hdr1), strlen(hdr2), atoi(hdr1), data/frr-7.4/lib/csv.c:677:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_verbose("(%zu/%zu/%d/%d)\n", strlen(hdr1), strlen(hdr2), atoi(hdr1), data/frr-7.4/lib/csv.c:690:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_verbose("(%zu/%zu/%d/%d)\n", strlen(hdr1), strlen(hdr2), atoi(hdr1), data/frr-7.4/lib/csv.c:690:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). log_verbose("(%zu/%zu/%d/%d)\n", strlen(hdr1), strlen(hdr2), atoi(hdr1), data/frr-7.4/lib/db.c:192:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return db_prepare_len(stmt, strlen(stmt)); data/frr-7.4/lib/defaults.c:122:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(s->str, vspec, strlen(s->str))) data/frr-7.4/lib/defaults.c:132:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vspec += strlen(s->str); data/frr-7.4/lib/ferr.c:147:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(ubuf, '=', strlen(pbuf)); data/frr-7.4/lib/ferr.c:148:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ubuf[strlen(pbuf)] = '\0'; data/frr-7.4/lib/ferr.c:241:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). error->unique_id = jhash(text, strlen(text), data/frr-7.4/lib/ferr.c:242:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jhash(file, strlen(file), 0xd4ed0298)); data/frr-7.4/lib/filter.c:271:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (number = 0, i = 0; i < strlen(name); i++) { data/frr-7.4/lib/filter.c:279:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i == strlen(name)) { data/frr-7.4/lib/filter.c:1804:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name_str) > ACL_NAMSIZ) { data/frr-7.4/lib/frr_zmq.c:78:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (cb->read.cb_msg) { data/frr-7.4/lib/frr_zmq.c:79:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_msg(cb->read.arg, cb->zmqsock); data/frr-7.4/lib/frr_zmq.c:79:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_msg(cb->read.arg, cb->zmqsock); data/frr-7.4/lib/frr_zmq.c:82:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (cb->read.cancelled) { data/frr-7.4/lib/frr_zmq.c:85:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.thread = NULL; data/frr-7.4/lib/frr_zmq.c:107:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_part(cb->read.arg, cb->zmqsock, &msg, data/frr-7.4/lib/frr_zmq.c:107:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_part(cb->read.arg, cb->zmqsock, &msg, data/frr-7.4/lib/frr_zmq.c:109:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (cb->read.cancelled) { data/frr-7.4/lib/frr_zmq.c:113:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.thread = NULL; data/frr-7.4/lib/frr_zmq.c:135:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/frr-7.4/lib/frr_zmq.c:140:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). &cb->read.thread, t->funcname, t->schedfrom, t->schedfrom_line); data/frr-7.4/lib/frr_zmq.c:146:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (cb->read.cb_error) data/frr-7.4/lib/frr_zmq.c:147:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_error(cb->read.arg, cb->zmqsock); data/frr-7.4/lib/frr_zmq.c:147:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_error(cb->read.arg, cb->zmqsock); data/frr-7.4/lib/frr_zmq.c:186:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.arg = arg; data/frr-7.4/lib/frr_zmq.c:187:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_msg = msgfunc; data/frr-7.4/lib/frr_zmq.c:188:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_part = partfunc; data/frr-7.4/lib/frr_zmq.c:189:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cb_error = errfunc; data/frr-7.4/lib/frr_zmq.c:190:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cancelled = false; data/frr-7.4/lib/frr_zmq.c:193:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (cb->read.thread) { data/frr-7.4/lib/frr_zmq.c:194:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thread_cancel(cb->read.thread); data/frr-7.4/lib/frr_zmq.c:195:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.thread = NULL; data/frr-7.4/lib/frr_zmq.c:198:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). &cb->read.thread, funcname, schedfrom, data/frr-7.4/lib/frr_zmq.c:203:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). &cb->read.thread, funcname, schedfrom, fromln); data/frr-7.4/lib/frr_zmq.c:236:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frrzmq_check_events(cbp, &cb->read, ZMQ_POLLIN); data/frr-7.4/lib/frr_zmq.c:238:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (cb->read.cancelled && !cb->read.thread) data/frr-7.4/lib/frr_zmq.c:238:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (cb->read.cancelled && !cb->read.thread) data/frr-7.4/lib/frr_zmq.c:247:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frrzmq_check_events(cbp, &cb->read, ZMQ_POLLIN); data/frr-7.4/lib/frr_zmq.c:288:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cb->read.cancelled = true; data/frr-7.4/lib/frr_zmq.c:324:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((*cb)->read.cancelled && !(*cb)->read.thread data/frr-7.4/lib/frr_zmq.c:324:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((*cb)->read.cancelled && !(*cb)->read.thread data/frr-7.4/lib/frr_zmq.h:56:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). struct cb_core read; data/frr-7.4/lib/frrstr.c:87:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t joinlen = join ? strlen(join) : 0; data/frr-7.4/lib/frrstr.c:93:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(parts[i]); data/frr-7.4/lib/frrstr.c:102:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t arglen = strlen(parts[i]); data/frr-7.4/lib/frrstr.c:164:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t findlen = strlen(find); data/frr-7.4/lib/frrstr.c:165:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t repllen = strlen(replace); data/frr-7.4/lib/frrstr.c:169:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nusz = strlen(nustr) + repllen - findlen + 1; data/frr-7.4/lib/frrstr.c:174:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nustrlen = strlen(nustr); data/frr-7.4/lib/frrstr.c:190:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenstr = strlen(str); data/frr-7.4/lib/frrstr.c:191:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenprefix = strlen(prefix); data/frr-7.4/lib/frrstr.c:204:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenstr = strlen(str); data/frr-7.4/lib/frrstr.c:205:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lensuffix = strlen(suffix); data/frr-7.4/lib/getopt.c:228:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #if (!defined __STDC__ || !__STDC__) && !defined strlen data/frr-7.4/lib/getopt.c:231:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extern int strlen(const char *); data/frr-7.4/lib/getopt.c:414:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(orig_str); data/frr-7.4/lib/getopt.c:641:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). == (unsigned int)strlen(p->name)) { data/frr-7.4/lib/getopt.c:662:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/getopt.c:695:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/getopt.c:709:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/getopt.c:714:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/getopt.c:829:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). == strlen(p->name)) { data/frr-7.4/lib/getopt.c:850:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/getopt.c:869:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/getopt.c:882:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/getopt.c:888:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nextchar += strlen(nextchar); data/frr-7.4/lib/grammar_sandbox.c:123:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int len = strlen(tkn->text); data/frr-7.4/lib/grammar_sandbox.c:316:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *appendp = cmd + strlen(cmd); data/frr-7.4/lib/grammar_sandbox.c:321:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). appendp += strlen(appendp); data/frr-7.4/lib/grammar_sandbox.c:326:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i->cmd[strlen(cmd) - 1] = '\0'; data/frr-7.4/lib/hash.c:420:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char underln[sizeof(header) + strlen(frr_protonameinst)]; data/frr-7.4/lib/if.c:959:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(logbuf, inet_ntop(p->family, &p->u.prefix, buf, BUFSIZ), data/frr-7.4/lib/if.c:960:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). BUFSIZ - strlen(logbuf)); data/frr-7.4/lib/keychain.c:403:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(month_str) >= 3) data/frr-7.4/lib/keychain.c:405:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(month_str, month_name[i], strlen(month_str)) data/frr-7.4/lib/libfrr.c:188:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(path, ZAPI_TCP_PATHNAME, strlen(ZAPI_TCP_PATHNAME))) { data/frr-7.4/lib/libfrr.c:196:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path += strlen(ZAPI_TCP_PATHNAME); data/frr-7.4/lib/libfrr.c:269:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *sa_len = sizeof(suna->sun_family) + strlen(suna->sun_path); data/frr-7.4/lib/libfrr.c:305:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0027); data/frr-7.4/lib/libfrr.c:605:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). prev = umask(0022); data/frr-7.4/lib/libfrr.c:607:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(prev); data/frr-7.4/lib/log.c:642:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos += strlen(pos); data/frr-7.4/lib/log_vty.c:325:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = sep ? (int)(sep - dest) : (int)strlen(dest); data/frr-7.4/lib/memory.c:122:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return str ? mt_checkalloc(mt, strdup(str), strlen(str) + 1) : NULL; data/frr-7.4/lib/netns_linux.c:450:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (check_base != NULL && strlen(check_base) + 1 > NS_NAMSIZ) { data/frr-7.4/lib/network.c:36:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(fd, ptr, nleft); data/frr-7.4/lib/northbound.c:1365:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(xpath + strlen(xpath), data/frr-7.4/lib/northbound.c:1366:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(xpath) - strlen(xpath), data/frr-7.4/lib/northbound.c:1421:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(xpath + strlen(xpath), data/frr-7.4/lib/northbound.c:1422:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(xpath) - strlen(xpath), "/%s:%s", data/frr-7.4/lib/northbound.c:1425:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(xpath + strlen(xpath), data/frr-7.4/lib/northbound.c:1426:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(xpath) - strlen(xpath), "/%s", data/frr-7.4/lib/northbound_db.c:96:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (db_bindf(ss, "%s%s%s", client_name, strlen(client_name), data/frr-7.4/lib/northbound_db.c:97:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). transaction->comment, strlen(transaction->comment), data/frr-7.4/lib/northbound_db.c:99:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). config_str ? strlen(config_str) : 0) data/frr-7.4/lib/pid_output.c:42:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oldumask = umask(0777 & ~PIDFILE_MASK); data/frr-7.4/lib/pid_output.c:48:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldumask); data/frr-7.4/lib/pid_output.c:53:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldumask); data/frr-7.4/lib/pid_output.c:69:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pidsize = strlen(buf); data/frr-7.4/lib/plist.c:220:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (number = 0, i = 0; i < strlen(name); i++) { data/frr-7.4/lib/plist.c:228:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i == strlen(name)) { data/frr-7.4/lib/plist.c:887:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp("any", prefix, strlen(prefix)) == 0) { data/frr-7.4/lib/plist.c:907:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp("any", prefix, strlen(prefix)) == 0) { data/frr-7.4/lib/plist.c:1049:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp("any", prefix, strlen(prefix)) == 0) { data/frr-7.4/lib/plist.c:1062:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp("any", prefix, strlen(prefix)) == 0) { data/frr-7.4/lib/prefix.c:1013:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(buf); data/frr-7.4/lib/printf/glue.c:227:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(ext->match, fmt, strlen(ext->match))) data/frr-7.4/lib/printf/glue.c:248:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(ext->match, fmt, strlen(ext->match))) data/frr-7.4/lib/printf/vfprintf.c:447:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(cp); data/frr-7.4/lib/printf/vfprintf.c:498:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(buf); data/frr-7.4/lib/printf/vfprintf.c:503:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = (prec >= 0) ? strnlen(cp, prec) : strlen(cp); data/frr-7.4/lib/printf/vfprintf.c:553:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(cp); data/frr-7.4/lib/printf/vfprintf.c:586:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = (prec >= 0) ? strnlen(cp, prec) : strlen(cp); data/frr-7.4/lib/ptm_lib.c:334:6: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(10000); data/frr-7.4/lib/ptm_lib.c:472:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(hdl->client_name, client_name, PTMLIB_MAXNAMELEN - 1); data/frr-7.4/lib/routemap.c:54:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp(S, IPv4_PREFIX_LIST, strlen(IPv4_PREFIX_LIST)) == 0) data/frr-7.4/lib/routemap.c:56:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp(S, IPv6_PREFIX_LIST, strlen(IPv6_PREFIX_LIST)) == 0) data/frr-7.4/lib/routemap.c:59:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp(S, IPv4_MATCH_RULE, strlen(IPv4_MATCH_RULE)) == 0) data/frr-7.4/lib/routemap.c:61:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp(S, IPv6_MATCH_RULE, strlen(IPv6_MATCH_RULE)) == 0) data/frr-7.4/lib/sockopt.c:618:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int keylen = password ? strlen(password) : 0; data/frr-7.4/lib/spf_backoff.c:203:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t offset = strlen(timebuf); data/frr-7.4/lib/srv6.c:75:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(str); data/frr-7.4/lib/stream.c:990:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nbytes = read(fd, s->data + s->endp, size)) >= 0) { data/frr-7.4/lib/strlcat.c:39:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t src_length = strlen(src); data/frr-7.4/lib/strlcpy.c:38:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t src_length = strlen(src); data/frr-7.4/lib/termtable.c:321:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nl_len = strlen(newline); data/frr-7.4/lib/termtable.c:330:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cellw += (int)strlen(cell->text); data/frr-7.4/lib/termtable.c:345:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width += strlen(newline); data/frr-7.4/lib/thread.c:181:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char underline[strlen(name) + 1]; data/frr-7.4/lib/thread.c:323:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char underline[strlen(name) + 1]; data/frr-7.4/lib/thread.c:340:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thread = m->read[m->handler.pfds[i].fd]; data/frr-7.4/lib/thread.c:585:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thread_array_free(m, m->read); data/frr-7.4/lib/thread.c:741:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(m->io_pipe[0], &trash, sizeof(trash)) > 0) data/frr-7.4/lib/thread.c:769:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thread_array = m->read; data/frr-7.4/lib/thread.c:1064:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thread_array = master->read; data/frr-7.4/lib/thread.c:1247:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thread_array = m->read; data/frr-7.4/lib/thread.c:1291:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thread_process_io_helper(m, m->read[pfds[i].fd], POLLIN, data/frr-7.4/lib/thread.h:73:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). struct thread **read; data/frr-7.4/lib/vrf.c:620:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vrfname) > VRF_NAMSIZ) { data/frr-7.4/lib/vrf.c:967:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, name, strlen(name)+1); data/frr-7.4/lib/vty.c:115:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vty->frame_pos = strlen(vty->frame); data/frr-7.4/lib/vty.c:171:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/frr-7.4/lib/vty.c:179:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_put(vty->lbuf, (uint8_t *) firstline, strlen(firstline)); data/frr-7.4/lib/vty.c:208:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p[strlen(p) - 1] == '\n' && vector_active(lines) > 0 data/frr-7.4/lib/vty.c:209:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(vector_slot(lines, vector_active(lines) - 1))) data/frr-7.4/lib/vty.c:231:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(filtered)); data/frr-7.4/lib/vty.c:246:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_put(vty->obuf, (uint8_t *)filtered, strlen(filtered)); data/frr-7.4/lib/vty.c:349:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = buf + strlen(buf); data/frr-7.4/lib/vty.c:623:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nwrite = MIN((int)strlen(str), VTY_BUFSIZ - vty->cp - 1); data/frr-7.4/lib/vty.c:675:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(vty->hist[vty->hp]); data/frr-7.4/lib/vty.c:992:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = XCALLOC(MTYPE_TMP, strlen(token->desc) + 1); data/frr-7.4/lib/vty.c:994:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = token->desc; strlen(p) > desc_width; p += pos + 1) { data/frr-7.4/lib/vty.c:1057:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(token->text); data/frr-7.4/lib/vty.c:1079:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (desc_width >= strlen(token->desc)) data/frr-7.4/lib/vty.c:1112:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (desc_width >= strlen(token->desc)) data/frr-7.4/lib/vty.c:1358:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nbytes = read(vty->fd, buf, VTY_READ_BUFSIZ)) <= 0) { data/frr-7.4/lib/vty.c:1947:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_mask = umask(0007); data/frr-7.4/lib/vty.c:1965:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = sizeof(serv.sun_family) + strlen(serv.sun_path); data/frr-7.4/lib/vty.c:1986:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_mask); data/frr-7.4/lib/vty.c:2090:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((nbytes = read(sock, buf, VTY_READ_BUFSIZ)) <= 0) { data/frr-7.4/lib/vty.c:2371:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t fullpath_sav_sz = strlen(fullpath) + strlen(CONF_BACKUP_EXT) + 1; data/frr-7.4/lib/vty.c:2371:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t fullpath_sav_sz = strlen(fullpath) + strlen(CONF_BACKUP_EXT) + 1; data/frr-7.4/lib/vty.c:2382:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullpath_tmp = malloc(strlen(fullpath) + 8); data/frr-7.4/lib/vty.c:2383:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(fullpath_tmp, strlen(fullpath) + 8, "%s.XXXXXX", fullpath); data/frr-7.4/lib/vty.c:2393:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = read(sav, buffer, 512)) > 0) { data/frr-7.4/lib/vty.c:2439:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cwd) + strlen(config_file) + 2); data/frr-7.4/lib/vty.c:2439:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cwd) + strlen(config_file) + 2); data/frr-7.4/lib/yang_wrappers.c:1158:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(timebuf); data/frr-7.4/lib/zclient.c:1725:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vrfname_tmp) == 0) data/frr-7.4/lib/zlog.c:498:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg->textlen = strlen(msg->text); data/frr-7.4/lib/zlog.c:538:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg->ts_dot = msg->ts_str + strlen(msg->ts_str); data/frr-7.4/lib/zlog.c:549:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len1 > strlen(msg->ts_str)) data/frr-7.4/lib/zlog.c:550:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen(msg->ts_str); data/frr-7.4/lib/zlog.c:572:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len2 = strlen(msg->ts_zonetail); data/frr-7.4/lib/zlog_targets.c:97:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iov[iovpos].iov_len = strlen(iov[iovpos].iov_base); data/frr-7.4/lib/zlog_targets.c:138:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iov[0].iov_len = zte->record_priority ? strlen(iov[0].iov_base) : 0; data/frr-7.4/nhrpd/linux.c:114:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1); data/frr-7.4/nhrpd/nhrp_event.c:68:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(buf, "result=%63s", result) != 1) data/frr-7.4/nhrpd/nhrp_event.c:157:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zbuf_put(zb, str, strlen(str)); data/frr-7.4/nhrpd/nhrp_event.c:163:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zb->tail += strlen((char *)zb->tail); data/frr-7.4/nhrpd/nhrp_event.c:175:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zbuf_put(zb, pos, strlen(pos)); data/frr-7.4/nhrpd/vici.c:36:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!b || b->len != (int)strlen(str)) data/frr-7.4/nhrpd/vici.c:68:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/frr-7.4/nhrpd/vici.c:308:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf), buf, VICI_END); data/frr-7.4/nhrpd/vici.c:458:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name); data/frr-7.4/nhrpd/vici.c:534:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(profile), profile, VICI_KEY_VALUE, "timeout", data/frr-7.4/nhrpd/vici.c:538:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf[0]), buf[0], VICI_KEY_VALUE, data/frr-7.4/nhrpd/vici.c:539:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). "other-host", strlen(buf[1]), buf[1], VICI_END); data/frr-7.4/nhrpd/vici.c:556:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(addr.sun_family) + strlen(addr.sun_path)); data/frr-7.4/nhrpd/zbuf.c:87:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, zb->tail, maxlen); data/frr-7.4/nhrpd/zbuf.c:152:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t seplen = strlen(sep), len; data/frr-7.4/ospf6d/ospf6_abr.c:1333:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(&buf[strlen(buf)], "/%d", data/frr-7.4/ospf6d/ospf6_asbr.c:1753:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(&buf[strlen(buf)], "/%d", data/frr-7.4/ospf6d/ospf6_intra.c:824:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(&buf[strlen(buf)], "/%d", data/frr-7.4/ospf6d/ospf6_lsa.c:786:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int size = strlen(h->lh_name); data/frr-7.4/ospf6d/ospf6_lsa.c:832:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[idx_lsa]->arg)) data/frr-7.4/ospf6d/ospf6_lsa.c:885:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(argv[idx_lsa]->arg)) data/frr-7.4/ospf6d/ospf6_spf.c:578:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (buffer + strlen(buffer) < end ? buffer + strlen(buffer) : end); data/frr-7.4/ospf6d/ospf6_spf.c:578:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (buffer + strlen(buffer) < end ? buffer + strlen(buffer) : end); data/frr-7.4/ospf6d/ospf6_spf.c:580:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (buffer + strlen(buffer) < end ? buffer + strlen(buffer) : end); data/frr-7.4/ospf6d/ospf6_spf.c:580:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (buffer + strlen(buffer) < end ? buffer + strlen(buffer) : end); data/frr-7.4/ospf6d/ospf6_spf.c:585:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (buffer + strlen(buffer) < end ? buffer + strlen(buffer) data/frr-7.4/ospf6d/ospf6_spf.c:585:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = (buffer + strlen(buffer) < end ? buffer + strlen(buffer) data/frr-7.4/ospf6d/ospf6_spf.c:747:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(prefix) + 4; data/frr-7.4/ospfd/ospf_spf.c:1380:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(rbuf, "R, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1380:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(rbuf, "R, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1382:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(rbuf, "N, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1382:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(rbuf, "N, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1384:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(rbuf, "S, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1384:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(rbuf, "S, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1386:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(rbuf, "AS, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1386:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(rbuf, "AS, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1388:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(rbuf, "ABR, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1388:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(rbuf, "ABR, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1390:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(rbuf, "ASBR, ", data/frr-7.4/ospfd/ospf_spf.c:1391:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1393:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. strncat(rbuf, "M, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1393:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(rbuf, "M, ", sizeof(rbuf) - strlen(rbuf) - 1); data/frr-7.4/ospfd/ospf_spf.c:1395:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t rbuflen = strlen(rbuf); data/frr-7.4/pbrd/pbr_nht.c:923:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return jhash(&nhgc->name, strlen(nhgc->name), 0x52c34a96); data/frr-7.4/pimd/mtracebis.c:506:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ifname)); data/frr-7.4/pimd/pim_mroute.c:766:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pim->vrf->name, strlen(pim->vrf->name))) { data/frr-7.4/pimd/pim_oil.c:51:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = buf + strlen(buf); data/frr-7.4/pimd/pim_oil.c:57:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(out); data/frr-7.4/pimd/pim_sock.c:88:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ifp->name)); data/frr-7.4/pimd/test_igmpv3_join.c:141:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getchar() == EOF) data/frr-7.4/ripd/rip_cli.c:900:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(password) > 16) { data/frr-7.4/ripd/rip_routemap.c:442:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(arg); data/frr-7.4/ripd/ripd.c:2134:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(auth_str) == 0) data/frr-7.4/ripngd/ripng_routemap.c:209:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(arg); data/frr-7.4/tests/helpers/c/main.c:104:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0027); data/frr-7.4/tests/helpers/c/prng.c:71:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(string) < sizeof(buf)); data/frr-7.4/tests/helpers/c/prng.c:73:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, string, sizeof(buf)); data/frr-7.4/tests/helpers/c/prng.c:74:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). charset_len = strlen(charset); data/frr-7.4/tests/helpers/c/prng.c:77:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = prng_rand(prng) % strlen(buf); data/frr-7.4/tests/helpers/c/prng.c:89:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf) - offset); data/frr-7.4/tests/helpers/c/prng.c:93:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(buf) + 1 < sizeof(buf)); data/frr-7.4/tests/helpers/c/prng.c:96:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf) + 1 - offset); data/frr-7.4/tests/isisd/test_fuzz_isis_tlv.c:43:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t rv_len = strlen(in) + 1; data/frr-7.4/tests/isisd/test_fuzz_isis_tlv.c:53:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rv, in, rv_len); data/frr-7.4/tests/lib/cli/common_cli.c:68:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0027); data/frr-7.4/tests/lib/cli/test_commands.c:195:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line)) data/frr-7.4/tests/lib/cli/test_commands.c:196:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line) - 1] = '\0'; data/frr-7.4/tests/lib/cli/test_commands.c:313:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(test_str) - 1])) { data/frr-7.4/tests/lib/northbound/test_oper_data.c:390:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0027); data/frr-7.4/tests/lib/test_buffer.c:37:22: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((argc != 2) || (sscanf(argv[1], "%d%1s", &n, junk) != 1)) { data/frr-7.4/tests/lib/test_nexthop_iter.c:35:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *buf = realloc(*buf, strlen(*buf) + strlen(repr) + 1); data/frr-7.4/tests/lib/test_nexthop_iter.c:35:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *buf = realloc(*buf, strlen(*buf) + strlen(repr) + 1); data/frr-7.4/tests/lib/test_nexthop_iter.c:37:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((*buf) + strlen(*buf), repr, strlen(repr) + 1); data/frr-7.4/tests/lib/test_nexthop_iter.c:37:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy((*buf) + strlen(*buf), repr, strlen(repr) + 1); data/frr-7.4/tests/lib/test_nexthop_iter.c:37:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy((*buf) + strlen(*buf), repr, strlen(repr) + 1); data/frr-7.4/tests/lib/test_ntop.c:55:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (i < strlen(buf1) + 1) data/frr-7.4/tests/lib/test_privs.c:76:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(0027); data/frr-7.4/tests/lib/test_ringbuf.c:134:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(ringbuf_put(soil, organ, strlen(organ)) == 4); data/frr-7.4/tests/lib/test_ringbuf.c:135:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char water[strlen(organ) + 1]; data/frr-7.4/tests/lib/test_ringbuf.c:136:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(ringbuf_get(soil, &water, strlen(organ)) == 4); data/frr-7.4/tests/lib/test_ringbuf.c:137:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). water[strlen(organ)] = '\0'; data/frr-7.4/tests/lib/test_ringbuf.c:147:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(ringbuf_put(soil, phloem, strlen(phloem)) == 4); data/frr-7.4/tests/lib/test_ringbuf.c:148:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char xylem[strlen(phloem) + 1]; data/frr-7.4/tests/lib/test_ringbuf.c:150:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xylem[strlen(phloem)] = '\0'; data/frr-7.4/tests/lib/test_ringbuf.c:160:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(ringbuf_put(soil, cytoplasm, strlen(cytoplasm)) == 4); data/frr-7.4/tests/lib/test_ringbuf.c:161:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char chloroplast[strlen(cytoplasm) + 1]; data/frr-7.4/tests/lib/test_ringbuf.c:164:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). chloroplast[strlen(cytoplasm)] = '\0'; data/frr-7.4/tests/lib/test_ringbuf.c:179:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(ringbuf_put(soil, twenty, strlen(twenty)) == 15); data/frr-7.4/tests/lib/test_seqlock.c:49:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iov[0].iov_len = strlen(buf); data/frr-7.4/tests/lib/test_seqlock.c:51:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iov[1].iov_len = strlen(str); data/frr-7.4/tests/lib/test_timer_correctness.c:37:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define TIMESTR_LEN strlen("4294967296.999999") data/frr-7.4/tests/lib/test_zmq.c:63:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(syncfd, &dummy, 1); data/frr-7.4/tests/lib/test_zmq.c:81:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zmq_send(zmqsock, buf, strlen(buf) + 1, 0); data/frr-7.4/tests/lib/test_zmq.c:104:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zmq_msg_init_data(&part, dyn, strlen(dyn) + 1, data/frr-7.4/tests/lib/test_zmq.c:127:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zmq_send(zmqsock, buf, strlen(buf) + 1, 0); data/frr-7.4/tests/lib/test_zmq.c:164:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(buf); i++) data/frr-7.4/tests/lib/test_zmq.c:169:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zmq_send(zmqsock, buf, strlen(buf) + 1, 0); data/frr-7.4/tests/lib/test_zmq.c:200:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = XMALLOC(MTYPE_TESTBUF, strlen(in) + 1); data/frr-7.4/tests/lib/test_zmq.c:201:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(in); i++) data/frr-7.4/tests/lib/test_zmq.c:204:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zmq_msg_init_data(&reply, out, strlen(out) + 1, msg_buf_free, NULL); data/frr-7.4/tests/lib/test_zmq.c:212:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zmq_msg_init_data(&reply, out, strlen(out) + 1, msg_buf_free, NULL); data/frr-7.4/tests/lib/test_zmq.c:245:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(buf); i++) data/frr-7.4/tests/lib/test_zmq.c:249:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). zmq_send(zmqsock, buf, strlen(buf) + 1, 0); data/frr-7.4/tests/lib/test_zmq.c:255:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frrzmq_thread_cancel(&cb, &cb->read); data/frr-7.4/tests/lib/test_zmq.c:265:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frrzmq_thread_cancel(&cb, &cb->read); data/frr-7.4/tools/frr-llvm-cg.c:212:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(names[i]) != len) data/frr-7.4/tools/frr-llvm-cg.c:401:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("_hook_typecheck_"))) { data/frr-7.4/tools/frr-llvm-cg.c:405:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hook_name = called_name + strlen("_hook_typecheck_"); data/frr-7.4/tools/frr-llvm-cg.c:618:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char tmpout[strlen(out) + 5]; data/frr-7.4/tools/gcc-plugins/frr-format.c:656:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen (s); data/frr-7.4/tools/gcc-plugins/frr-format.c:662:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alen = strlen (format_types[i].name); data/frr-7.4/tools/gcc-plugins/frr-format.c:1479:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i = strlen (m_flag_chars); data/frr-7.4/tools/gcc-plugins/frr-format.c:1964:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strncmp (fli->name, format_chars, strlen (fli->name))) data/frr-7.4/tools/gcc-plugins/frr-format.c:1968:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). format_chars += strlen (fli->name); data/frr-7.4/tools/gcc-plugins/frr-format.c:2514:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp (etab->suffix, format_chars, strlen (etab->suffix))) data/frr-7.4/tools/gcc-plugins/frr-format.c:2528:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). format_chars += strlen (etab->suffix); data/frr-7.4/tools/gcc-plugins/frr-format.c:4328:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(s + 2, etab->suffix, MIN(strlen(s + 2), strlen(etab->suffix)))) data/frr-7.4/tools/gcc-plugins/frr-format.c:4328:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(s + 2, etab->suffix, MIN(strlen(s + 2), strlen(etab->suffix)))) data/frr-7.4/tools/gcc-plugins/gcc-common.h:585:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). DECL_SECTION_NAME(node) = build_string(strlen(value) + 1, value); data/frr-7.4/tools/start-stop-daemon.c:266:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(nsdirname, "ipcns/", strlen("ipcns/"))) data/frr-7.4/tools/start-stop-daemon.c:268:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(nsdirname, "netns/", strlen("netns/"))) data/frr-7.4/tools/start-stop-daemon.c:270:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!strncmp(nsdirname, "utcns/", strlen("utcns/"))) data/frr-7.4/tools/start-stop-daemon.c:451:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : (ptrdiff_t)strlen(schedule_str); data/frr-7.4/tools/start-stop-daemon.c:639:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF && c != '(') data/frr-7.4/tools/start-stop-daemon.c:646:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) != EOF && c == *name) data/frr-7.4/tools/start-stop-daemon.c:756:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(what_stop, str, sizeof(what_stop)); data/frr-7.4/tools/start-stop-daemon.c:1039:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(022); /* set a default for dumb programs */ data/frr-7.4/vrrpd/vrrp.c:1121:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(r->mvl_ifp->name)); data/frr-7.4/vrrpd/vrrp.c:1158:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(r->vr->ifp->name)); data/frr-7.4/vrrpd/vrrp.c:1268:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(r->vr->ifp->name)); data/frr-7.4/vrrpd/vrrp_packet.c:192:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read, struct ipaddr *src, data/frr-7.4/vrrpd/vrrp_packet.c:217:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read >= sizeof(struct ip), data/frr-7.4/vrrpd/vrrp_packet.c:224:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ntohs(ip->ip_len) == read, data/frr-7.4/vrrpd/vrrp_packet.c:227:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ntohs(ip->ip_len), read); data/frr-7.4/vrrpd/vrrp_packet.c:263:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). pktsize = read; data/frr-7.4/vrrpd/vrrp_packet.h:199:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read, struct ipaddr *src, data/frr-7.4/vrrpd/vrrp_vty.c:418:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sipstr6) == 0 && vr->v6->src.ip.addr == 0x00) data/frr-7.4/vrrpd/vrrp_vty.c:487:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sipstr6) == 0 && vr->v6->src.ip.addr == 0x00) data/frr-7.4/vtysh/vtysh.c:219:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = write(vclient->fd, line, strlen(line) + 1); data/frr-7.4/vtysh/vtysh.c:227:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = write(vclient->fd, line, strlen(line) + 1); data/frr-7.4/vtysh/vtysh.c:235:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(vclient->fd, bufvalid, buf + bufsz - bufvalid - 1); data/frr-7.4/vtysh/vtysh.c:669:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(s); data/frr-7.4/vtysh/vtysh.c:764:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vty_buf_trimmed) == 3 data/frr-7.4/vtysh/vtysh.c:1019:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(token->text); data/frr-7.4/vtysh/vtysh.c:2894:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t integrate_sav_sz = strlen(fbackup) + strlen(CONF_BACKUP_EXT) + 1; data/frr-7.4/vtysh/vtysh.c:2894:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t integrate_sav_sz = strlen(fbackup) + strlen(CONF_BACKUP_EXT) + 1; data/frr-7.4/vtysh/vtysh.c:3530:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = sizeof(addr.sun_family) + strlen(addr.sun_path); data/frr-7.4/vtysh/vtysh.c:3568:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lenstr = strlen(str); data/frr-7.4/vtysh/vtysh.c:3569:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lensuffix = strlen(suffix); data/frr-7.4/vtysh/vtysh_config.c:239:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(" link-params")) data/frr-7.4/vtysh/vtysh_config.c:244:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(" ip multicast boundary")) data/frr-7.4/vtysh/vtysh_config.c:248:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(" ip igmp query-interval")) == 0) { data/frr-7.4/vtysh/vtysh_config.c:252:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(" exit")) data/frr-7.4/vtysh/vtysh_config.c:258:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(" exit-vrf")) data/frr-7.4/vtysh/vtysh_config.c:261:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncmp(line, " vrrp", strlen(" vrrp")) data/frr-7.4/vtysh/vtysh_config.c:263:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(" no vrrp"))) { data/frr-7.4/vtysh/vtysh_config.c:265:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (!strncmp(line, " ip mroute", strlen(" ip mroute"))) { data/frr-7.4/vtysh/vtysh_config.c:279:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(line, "interface", strlen("interface")) == 0) data/frr-7.4/vtysh/vtysh_config.c:281:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "pseudowire", strlen("pseudowire")) == 0) data/frr-7.4/vtysh/vtysh_config.c:283:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "vrf", strlen("vrf")) == 0) data/frr-7.4/vtysh/vtysh_config.c:285:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "nexthop-group", strlen("nexthop-group")) data/frr-7.4/vtysh/vtysh_config.c:288:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router-id", strlen("router-id")) == 0) data/frr-7.4/vtysh/vtysh_config.c:290:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router rip", strlen("router rip")) == 0) data/frr-7.4/vtysh/vtysh_config.c:292:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router ripng", strlen("router ripng")) data/frr-7.4/vtysh/vtysh_config.c:295:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router eigrp", strlen("router eigrp")) data/frr-7.4/vtysh/vtysh_config.c:298:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router babel", strlen("router babel")) data/frr-7.4/vtysh/vtysh_config.c:301:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router ospf", strlen("router ospf")) data/frr-7.4/vtysh/vtysh_config.c:304:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router ospf6", strlen("router ospf6")) data/frr-7.4/vtysh/vtysh_config.c:307:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "mpls ldp", strlen("mpls ldp")) == 0) data/frr-7.4/vtysh/vtysh_config.c:309:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "l2vpn", strlen("l2vpn")) == 0) data/frr-7.4/vtysh/vtysh_config.c:311:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router bgp", strlen("router bgp")) == 0) data/frr-7.4/vtysh/vtysh_config.c:313:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router isis", strlen("router isis")) data/frr-7.4/vtysh/vtysh_config.c:316:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "router openfabric", strlen("router openfabric")) data/frr-7.4/vtysh/vtysh_config.c:319:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "route-map", strlen("route-map")) == 0) data/frr-7.4/vtysh/vtysh_config.c:321:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "pbr-map", strlen("pbr-map")) == 0) data/frr-7.4/vtysh/vtysh_config.c:323:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "access-list", strlen("access-list")) data/frr-7.4/vtysh/vtysh_config.c:327:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("ipv6 access-list")) data/frr-7.4/vtysh/vtysh_config.c:331:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("mac access-list")) data/frr-7.4/vtysh/vtysh_config.c:335:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("ip prefix-list")) data/frr-7.4/vtysh/vtysh_config.c:339:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("ipv6 prefix-list")) data/frr-7.4/vtysh/vtysh_config.c:343:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("bgp as-path access-list")) data/frr-7.4/vtysh/vtysh_config.c:347:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("bgp community-list")) data/frr-7.4/vtysh/vtysh_config.c:350:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("bgp extcommunity-list")) data/frr-7.4/vtysh/vtysh_config.c:353:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("bgp large-community-list")) data/frr-7.4/vtysh/vtysh_config.c:356:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "ip route", strlen("ip route")) == 0) data/frr-7.4/vtysh/vtysh_config.c:358:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "ipv6 route", strlen("ipv6 route")) == 0) data/frr-7.4/vtysh/vtysh_config.c:360:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "key", strlen("key")) == 0) data/frr-7.4/vtysh/vtysh_config.c:362:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "line", strlen("line")) == 0) data/frr-7.4/vtysh/vtysh_config.c:365:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("ipv6 forwarding")) data/frr-7.4/vtysh/vtysh_config.c:368:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("ip forwarding")) data/frr-7.4/vtysh/vtysh_config.c:371:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "debug vrf", strlen("debug vrf")) == 0) data/frr-7.4/vtysh/vtysh_config.c:374:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("debug northbound")) data/frr-7.4/vtysh/vtysh_config.c:378:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("debug route-map")) data/frr-7.4/vtysh/vtysh_config.c:382:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("debug resolver")) == 0) data/frr-7.4/vtysh/vtysh_config.c:384:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "debug", strlen("debug")) == 0) data/frr-7.4/vtysh/vtysh_config.c:386:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "password", strlen("password")) == 0 data/frr-7.4/vtysh/vtysh_config.c:388:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("enable password")) data/frr-7.4/vtysh/vtysh_config.c:391:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "ip protocol", strlen("ip protocol")) data/frr-7.4/vtysh/vtysh_config.c:394:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "ipv6 protocol", strlen("ipv6 protocol")) data/frr-7.4/vtysh/vtysh_config.c:397:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "ip nht", strlen("ip nht")) == 0) data/frr-7.4/vtysh/vtysh_config.c:399:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "ipv6 nht", strlen("ipv6 nht")) == 0) data/frr-7.4/vtysh/vtysh_config.c:401:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "mpls", strlen("mpls")) == 0) data/frr-7.4/vtysh/vtysh_config.c:403:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(line, "bfd", strlen("bfd")) == 0) data/frr-7.4/vtysh/vtysh_config.c:406:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(line, "log", strlen("log")) == 0 data/frr-7.4/vtysh/vtysh_config.c:407:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(line, "hostname", strlen("hostname")) data/frr-7.4/vtysh/vtysh_config.c:409:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(line, "frr", strlen("frr")) == 0 data/frr-7.4/vtysh/vtysh_config.c:410:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(line, "agentx", strlen("agentx")) == 0 data/frr-7.4/vtysh/vtysh_config.c:411:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(line, "no log", strlen("no log")) == 0 data/frr-7.4/vtysh/vtysh_config.c:412:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(line, "no ip prefix-list", strlen("no ip prefix-list")) == 0 data/frr-7.4/vtysh/vtysh_config.c:413:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || strncmp(line, "no ipv6 prefix-list", strlen("no ipv6 prefix-list")) == 0) data/frr-7.4/vtysh/vtysh_main.c:260:3: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(500000); data/frr-7.4/watchfrr/watchfrr.c:210:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(dmn->name, dname, strlen(dmn->name)) == 0) data/frr-7.4/watchfrr/watchfrr.c:489:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char cmd[strlen(command) + strlen(restart->name) + 1]; data/frr-7.4/watchfrr/watchfrr.c:489:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char cmd[strlen(command) + strlen(restart->name) + 1]; data/frr-7.4/watchfrr/watchfrr.c:617:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((rc = read(dmn->fd, buf, sizeof(buf))) < 0) { data/frr-7.4/watchfrr/watchfrr.c:797:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = sizeof(addr.sun_family) + strlen(addr.sun_path); data/frr-7.4/watchfrr/watchfrr.c:1098:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t bslen = strlen(blankstr); data/frr-7.4/watchfrr/watchfrr.c:1107:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p + 1, p + bslen, strlen(p + bslen) + 1); data/frr-7.4/watchfrr/watchfrr.c:1161:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/frr-7.4/watchfrr/watchfrr.c:1243:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((sscanf(optarg, "%d%1s", &gs.loglevel, garbage) data/frr-7.4/watchfrr/watchfrr.c:1254:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((sscanf(optarg, "%ld%1s", &gs.min_restart_interval, data/frr-7.4/watchfrr/watchfrr.c:1266:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((sscanf(optarg, "%ld%1s", &gs.max_restart_interval, data/frr-7.4/watchfrr/watchfrr.c:1279:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((sscanf(optarg, "%d%1s", &period, garbage) != 1) data/frr-7.4/watchfrr/watchfrr.c:1314:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((sscanf(optarg, "%ld%1s", &gs.timeout, garbage) data/frr-7.4/watchfrr/watchfrr.c:1325:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if ((sscanf(optarg, "%ld%1s", &gs.restart_timeout, data/frr-7.4/watchfrr/watchfrr_vty.c:114:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(1, msg, strlen(msg)); data/frr-7.4/watchfrr/watchfrr_vty.c:186:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(integrated_result_fd, msg, strlen(msg)); data/frr-7.4/zebra/if_netlink.c:950:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(label) + 1); data/frr-7.4/zebra/interface.c:1191:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(str); data/frr-7.4/zebra/ipforward_proc.c:37:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (getc(fp) != '\n') data/frr-7.4/zebra/kernel_socket.c:1374:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read(sock, &buf, sizeof(buf)); data/frr-7.4/zebra/rtadv.c:2101:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). label_end = label_start + strlen(label_start); data/frr-7.4/zebra/rule_netlink.c:90:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rule->ifname) + 1); data/frr-7.4/zebra/zebra_dplane.c:2466:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ifc->label); data/frr-7.4/zebra/zebra_mlag.c:698:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.vrf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:710:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.intf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:730:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.vrf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:739:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.intf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:776:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.vrf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:789:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.intf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:848:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.vrf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:859:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vrf_name_len = strlen(msg.intf_name) + 1; data/frr-7.4/zebra/zebra_mlag.c:940:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int str_len = strlen(name) + 1; data/frr-7.4/zebra/zebra_mlag_private.c:94:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data_len = read(mlag_socket, mlag_rd_buffer + curr_len, data/frr-7.4/zebra/zebra_mlag_private.c:123:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data_len = read(mlag_socket, mlag_rd_buffer + curr_len, data/frr-7.4/zebra/zebra_netns_notify.c:246:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd_monitor, buf, sizeof(buf)); data/frr-7.4/zebra/zebra_vxlan.c:714:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = strlen(buf); data/frr-7.4/zebra/zserv.c:790:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_mask = umask(0077); data/frr-7.4/zebra/zserv.c:833:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_mask); ANALYSIS SUMMARY: Hits = 4694 Lines analyzed = 638675 in approximately 14.87 seconds (42958 lines/second) Physical Source Lines of Code (SLOC) = 457855 Hits@level = [0] 1768 [1] 688 [2] 3688 [3] 44 [4] 269 [5] 5 Hits@level+ = [0+] 6462 [1+] 4694 [2+] 4006 [3+] 318 [4+] 274 [5+] 5 Hits/KSLOC@level+ = [0+] 14.1136 [1+] 10.2522 [2+] 8.74949 [3+] 0.694543 [4+] 0.598443 [5+] 0.0109205 Symlinks skipped = 10 (--allowlink overrides but see doc for security issue) Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.