Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glewlwyd-2.4.0/docs/resources/ulfius/glewlwyd_resource.c
Examining data/glewlwyd-2.4.0/docs/resources/ulfius/glewlwyd_resource.h
Examining data/glewlwyd-2.4.0/docs/resources/ulfius/oidc_resource.c
Examining data/glewlwyd-2.4.0/docs/resources/ulfius/oidc_resource.h
Examining data/glewlwyd-2.4.0/src/api_key.c
Examining data/glewlwyd-2.4.0/src/client.c
Examining data/glewlwyd-2.4.0/src/client/database.c
Examining data/glewlwyd-2.4.0/src/client/ldap.c
Examining data/glewlwyd-2.4.0/src/client/mock.c
Examining data/glewlwyd-2.4.0/src/glewlwyd-common.h
Examining data/glewlwyd-2.4.0/src/glewlwyd.c
Examining data/glewlwyd-2.4.0/src/glewlwyd.h
Examining data/glewlwyd-2.4.0/src/misc.c
Examining data/glewlwyd-2.4.0/src/module.c
Examining data/glewlwyd-2.4.0/src/plugin.c
Examining data/glewlwyd-2.4.0/src/plugin/mock.c
Examining data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c
Examining data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c
Examining data/glewlwyd-2.4.0/src/plugin/register.c
Examining data/glewlwyd-2.4.0/src/scheme/certificate.c
Examining data/glewlwyd-2.4.0/src/scheme/email.c
Examining data/glewlwyd-2.4.0/src/scheme/http.c
Examining data/glewlwyd-2.4.0/src/scheme/mock.c
Examining data/glewlwyd-2.4.0/src/scheme/oauth2.c
Examining data/glewlwyd-2.4.0/src/scheme/otp.c
Examining data/glewlwyd-2.4.0/src/scheme/password.c
Examining data/glewlwyd-2.4.0/src/scheme/webauthn.c
Examining data/glewlwyd-2.4.0/src/scope.c
Examining data/glewlwyd-2.4.0/src/session.c
Examining data/glewlwyd-2.4.0/src/static_file_callback.c
Examining data/glewlwyd-2.4.0/src/static_file_callback.h
Examining data/glewlwyd-2.4.0/src/user.c
Examining data/glewlwyd-2.4.0/src/user/database.c
Examining data/glewlwyd-2.4.0/src/user/http.c
Examining data/glewlwyd-2.4.0/src/user/ldap.c
Examining data/glewlwyd-2.4.0/src/user/mock.c
Examining data/glewlwyd-2.4.0/src/webservice.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_admin_api_key.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_admin_check_scope.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_admin_mod_client.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_admin_mod_plugin.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_admin_mod_type.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_admin_mod_user.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_admin_mod_user_auth_scheme.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_check_scheme.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_grant.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_password.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_profile.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_profile_get_scheme_available.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_profile_impersonate.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_scheme.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_scheme_register.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_scheme_trigger.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_auth_session_manage.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_crud_client.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_crud_scope.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_crud_user.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_mod_client_irl.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_mod_user_http.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_mod_user_irl.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_additional_parameters.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_auth_code.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_client_cred.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_client_secret.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_challenge.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_replay.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_delete_token.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_delete_token_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_device_authorization.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_implicit.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_irl.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_profile.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_profile_impersonate.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_refresh_manage.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_refresh_manage_session.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_refresh_token.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_refresh_token_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_resource_owner_pwd_cred.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_resource_owner_pwd_cred_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_scheme_required.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_token_introspection.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oauth2_token_revocation.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_additional_parameters.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_address_claim.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_auth_code.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_claims_scopes.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_certificate.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_cred.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_registration.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_registration_management.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_secret.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_code.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_challenge.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_idtoken.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_replay.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_delete_token.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_delete_token_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_device_authorization.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_discovery.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_code.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_token_code.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_token_code.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_implicit_id_token.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_implicit_id_token_token.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_implicit_none.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_irl.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwks_config.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwt_encrypted.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_only_no_refresh.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_optional_request_parameters.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_refresh_manage.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_refresh_manage_session.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_refresh_token.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_refresh_token_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_refresh_token_one_use.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_resource_owner_pwd_cred.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_resource_owner_pwd_cred_client_confidential.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_scheme_required.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_session_management.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_token.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_token_introspection.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_token_revocation.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_oidc_userinfo.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_profile_delete.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_register.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_scheme_certificate.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_scheme_http.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_scheme_oauth2.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_scheme_otp.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_scheme_retype_password.c
Examining data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c
Examining data/glewlwyd-2.4.0/test/unit-tests.c
Examining data/glewlwyd-2.4.0/test/unit-tests.h

FINAL RESULTS:

data/glewlwyd-2.4.0/src/misc.c:422:20:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
  if ((out_crypt = crypt(data, salt)) != NULL) {
data/glewlwyd-2.4.0/src/static_file_callback.c:105:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(file_path, F_OK) != -1) {
data/glewlwyd-2.4.0/src/glewlwyd.c:576:21:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
      next_option = getopt_long(argc, argv, short_options, long_options, NULL);
data/glewlwyd-2.4.0/src/glewlwyd.c:1021:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!config->port && (value = getenv(GLEWLWYD_ENV_PORT)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1032:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_BIND_ADDRESS)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1041:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_API_PREFIX)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1050:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_EXTERNAL_URL)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1059:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_LOGIN_URL)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1068:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_PROFILE_DELETE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1081:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_STATIC_FILES_PATH)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1090:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_STATIC_FILES_MIME_TYPES)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1109:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_ALLOW_ORIGIN)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1118:42:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!config->log_mode_args && (value = getenv(GLEWLWYD_ENV_LOG_MODE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1131:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((value2 = getenv(GLEWLWYD_ENV_LOG_FILE)) != NULL && o_strlen(value2)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1147:43:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!config->log_level_args && (value = getenv(GLEWLWYD_ENV_LOG_LEVEL)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1161:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_COOKIE_DOMAIN)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1169:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_COOKIE_SECURE)) != NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1173:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_SESSION_EXPIRATION)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1184:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_SESSION_KEY)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1193:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_ADMIN_SCOPE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1202:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_PROFILE_SCOPE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1211:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_USER_MODULE_PATH)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1220:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_CLIENT_MODULE_PATH)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1229:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_AUTH_SCHEME_MODULE_PATH)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1238:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_PLUGIN_MODULE_PATH)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1247:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_USE_SECURE_CONNECTION)) != NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1251:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_SECURE_CONNECTION_KEY_FILE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1260:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_SECURE_CONNECTION_PEM_FILE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1269:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_SECURE_CONNECTION_CA_FILE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1278:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_HASH_ALGORITHM)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1297:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv(GLEWLWYD_ENV_DATABASE_TYPE)) != NULL && o_strlen(value)) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1303:44:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((config->conn = h_connect_sqlite(getenv(GLEWLWYD_ENV_DATABASE_SQLITE3_PATH))) == NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1304:80:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        fprintf(stderr, "Error opening sqlite database '%s' (env), exiting\n", getenv(GLEWLWYD_ENV_DATABASE_SQLITE3_PATH));
data/glewlwyd-2.4.0/src/glewlwyd.c:1313:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      lvalue = strtol(getenv(GLEWLWYD_ENV_DATABASE_MARIADB_PORT), &endptr, 10);
data/glewlwyd-2.4.0/src/glewlwyd.c:1315:47:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((config->conn = h_connect_mariadb(getenv(GLEWLWYD_ENV_DATABASE_MARIADB_HOST), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_USER), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_PASSWORD), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_DBNAME), lvalue, NULL)) == NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1315:91:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((config->conn = h_connect_mariadb(getenv(GLEWLWYD_ENV_DATABASE_MARIADB_HOST), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_USER), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_PASSWORD), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_DBNAME), lvalue, NULL)) == NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1315:135:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((config->conn = h_connect_mariadb(getenv(GLEWLWYD_ENV_DATABASE_MARIADB_HOST), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_USER), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_PASSWORD), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_DBNAME), lvalue, NULL)) == NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1315:183:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((config->conn = h_connect_mariadb(getenv(GLEWLWYD_ENV_DATABASE_MARIADB_HOST), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_USER), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_PASSWORD), getenv(GLEWLWYD_ENV_DATABASE_MARIADB_DBNAME), lvalue, NULL)) == NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1316:68:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          fprintf(stderr, "Error opening mariadb database '%s'\n", getenv(GLEWLWYD_ENV_DATABASE_MARIADB_DBNAME));
data/glewlwyd-2.4.0/src/glewlwyd.c:1326:43:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((config->conn = h_connect_pgsql(getenv(GLEWLWYD_ENV_DATABASE_POSTGRE_CONNINFO))) == NULL) {
data/glewlwyd-2.4.0/src/glewlwyd.c:1327:79:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        fprintf(stderr, "Error opening postgre database %s (env), exiting\n", getenv(GLEWLWYD_ENV_DATABASE_POSTGRE_CONNINFO));
data/glewlwyd-2.4.0/docs/resources/ulfius/glewlwyd_resource.c:65:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if (string_array_has_value((const char **)scope_list_token, scope_list_expected[i])) {
data/glewlwyd-2.4.0/docs/resources/ulfius/oidc_resource.c:66:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if (string_array_has_value((const char **)scope_list_token, scope_list_expected[i])) {
data/glewlwyd-2.4.0/src/api_key.c:136:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char token[GLEWLWYD_API_KEY_LENGTH+1] = {0}, * token_hash, * tmp;
data/glewlwyd-2.4.0/src/client/database.c:423:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char password_b64_decoded[1024] = {0};
data/glewlwyd-2.4.0/src/client/ldap.c:975:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if (o_base64_encode((const unsigned char *)result_values[0]->bv_val, result_values[0]->bv_len, NULL, &value_enc_len)) {
data/glewlwyd-2.4.0/src/client/ldap.c:977:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                if (o_base64_encode((const unsigned char *)result_values[0]->bv_val, result_values[0]->bv_len, value_enc, &value_enc_len)) {
data/glewlwyd-2.4.0/src/client/ldap.c:1003:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              if (o_base64_encode((const unsigned char *)result_values[i]->bv_val, result_values[i]->bv_len, NULL, &value_enc_len)) {
data/glewlwyd-2.4.0/src/client/ldap.c:1005:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  if (o_base64_encode((const unsigned char *)result_values[i]->bv_val, result_values[i]->bv_len, value_enc, &value_enc_len)) {
data/glewlwyd-2.4.0/src/misc.c:50:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (file_path, "rb");
data/glewlwyd-2.4.0/src/misc.c:128:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char x[1];
data/glewlwyd-2.4.0/src/misc.c:255:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char encoded_key[128 + GLEWLWYD_DEFAULT_SALT_LENGTH + 1] = {0};
data/glewlwyd-2.4.0/src/misc.c:295:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(encoded_key+encoded_key_size, salt, GLEWLWYD_DEFAULT_SALT_LENGTH);
data/glewlwyd-2.4.0/src/misc.c:389:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char my_salt[GLEWLWYD_DEFAULT_SALT_LENGTH + 1] = {0};
data/glewlwyd-2.4.0/src/misc.c:395:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cur_salt, salt, GLEWLWYD_DEFAULT_SALT_LENGTH);
data/glewlwyd-2.4.0/src/misc.c:398:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cur_salt, my_salt, GLEWLWYD_DEFAULT_SALT_LENGTH);
data/glewlwyd-2.4.0/src/misc.c:401:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst+32, cur_salt, GLEWLWYD_DEFAULT_SALT_LENGTH);
data/glewlwyd-2.4.0/src/misc.c:415:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char salt[GLEWLWYD_DEFAULT_SALT_LENGTH+4] = {0},  * out_crypt;
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:289:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        value = url_encode((char *)u_map_get(map_url, keys[i]));
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:306:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        value = url_encode((char *)u_map_get(map_post_body, keys[i]));
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:425:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char salt[OAUTH2_SALT_LENGTH + 1] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:451:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char salt[OAUTH2_SALT_LENGTH + 1] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:619:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char salt[OAUTH2_SALT_LENGTH + 1] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:896:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char code_verifier_hash[32] = {0}, code_verifier_hash_b64[64] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:1288:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char token_hash_dec[128];
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:1367:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char token_hash_dec[128];
data/glewlwyd-2.4.0/src/plugin/protocol_oauth2.c:1798:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char device_code[GLEWLWYD_DEVICE_AUTH_DEVICE_CODE_LENGTH+1] = {0}, user_code[GLEWLWYD_DEVICE_AUTH_USER_CODE_LENGTH+2] = {0}, * device_code_hash = NULL, * user_code_hash = NULL;
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:1119:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[64] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:1691:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char at_hash[128] = {0}, c_hash[128] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:2508:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        value = url_encode((char *)u_map_get(map, keys[i]));
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:2653:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char code_verifier_hash[32] = {0}, code_verifier_hash_b64[64] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:3150:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char token_hash_dec[128];
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:3229:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char token_hash_dec[128];
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:3370:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(str_request, resp.binary_body, resp.binary_body_length);
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:4350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char client_id[GLEWLWYD_CLIENT_ID_LENGTH+1] = {}, client_secret[GLEWLWYD_CLIENT_SECRET_LENGTH+1] = {}, client_management_at[GLEWLWYD_CLIENT_MANAGEMENT_AT_LENGTH+1] = {};
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:4683:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char salt[GLEWLWYD_DEFAULT_SALT_LENGTH+1] = {0}, * session_state = NULL, * origin = NULL, * intermediate = NULL;
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:4684:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char intermediate_hash[32] = {0}, intermediate_hash_b64[64] = {0};
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:4705:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char device_code[GLEWLWYD_DEVICE_AUTH_DEVICE_CODE_LENGTH+1] = {0}, user_code[GLEWLWYD_DEVICE_AUTH_USER_CODE_LENGTH+2] = {0}, * device_code_hash = NULL, * user_code_hash = NULL;
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:5291:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cert_digest[64];
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:5325:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cert_id[64] = {0}, self_cert_id[64] = {0}, * san = NULL;
data/glewlwyd-2.4.0/src/plugin/protocol_oidc.c:8731:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * token, jti[OIDC_JTI_LENGTH+1] = {0};
data/glewlwyd-2.4.0/src/plugin/register.c:139:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * code, * code_hash, * expires_at_clause, * tmp_body, * body, token[GLEWLWYD_TOKEN_LENGTH+1], * token_hash;
data/glewlwyd-2.4.0/src/plugin/register.c:627:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * expires_at_clause, session[GLEWLWYD_SESSION_ID_LENGTH+1] = {}, * session_hash = NULL;
data/glewlwyd-2.4.0/src/plugin/register.c:861:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char token[GLEWLWYD_TOKEN_LENGTH+1] = {0}, * token_hash = NULL, * body = NULL, * expires_at_clause;
data/glewlwyd-2.4.0/src/plugin/register.c:1165:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char token[GLEWLWYD_TOKEN_LENGTH+1] = {0}, * token_hash = NULL, * body = NULL, * expires_at_clause;
data/glewlwyd-2.4.0/src/plugin/register.c:1352:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char token[GLEWLWYD_TOKEN_LENGTH+1] = {}, * token_hash = NULL, * expires_at_clause;
data/glewlwyd-2.4.0/src/plugin/register.c:1401:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[GLEWLWYD_RESET_CREDENTIALS_CODE_LENGTH+1] = {}, code_formatted[GLEWLWYD_RESET_CREDENTIALS_CODE_LENGTH+(GLEWLWYD_RESET_CREDENTIALS_CODE_LENGTH/4)+1] = {}, * code_hash = NULL, * code_formatted_offset;
data/glewlwyd-2.4.0/src/plugin/register.c:1625:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * issued_for, expires[GLEWLWYD_DATE_BUFFER+1];
data/glewlwyd-2.4.0/src/plugin/register.c:1714:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char expires[GLEWLWYD_DATE_BUFFER+1];
data/glewlwyd-2.4.0/src/plugin/register.c:2154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char expires[GLEWLWYD_DATE_BUFFER+1];
data/glewlwyd-2.4.0/src/plugin/register.c:2211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char expires[GLEWLWYD_DATE_BUFFER+1], * issued_for;
data/glewlwyd-2.4.0/src/plugin/register.c:2253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char expires[GLEWLWYD_DATE_BUFFER+1], * issued_for;
data/glewlwyd-2.4.0/src/scheme/certificate.c:101:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cert_digest[64];
data/glewlwyd-2.4.0/src/scheme/certificate.c:723:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key_id_enc[256] = {0};
data/glewlwyd-2.4.0/src/scheme/certificate.c:766:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key_id_enc[256] = {0};
data/glewlwyd-2.4.0/src/scheme/certificate.c:1204:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key_id_enc[257] = {0};
data/glewlwyd-2.4.0/src/scheme/certificate.c:1503:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cert_id[257] = {};
data/glewlwyd-2.4.0/src/scheme/webauthn.c:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * cert_content, issued_for[128] = {};
data/glewlwyd-2.4.0/src/scheme/webauthn.c:84:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fl = fopen(path, "r");
data/glewlwyd-2.4.0/src/scheme/webauthn.c:246:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char new_user_id[USER_ID_LENGTH] = {0}, new_user_id_b64[USER_ID_LENGTH*2] = {0};
data/glewlwyd-2.4.0/src/scheme/webauthn.c:379:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_b64[challenge_len*2], challenge[challenge_len+1];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:380:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char session[SESSION_LENGTH+1] = {0}, * session_hash;
data/glewlwyd-2.4.0/src/scheme/webauthn.c:461:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_b64[challenge_len*2], challenge[challenge_len+1];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:462:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char session[SESSION_LENGTH+1] = {0}, * session_hash;
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1018:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cert_dn[128] = {0}, ** dn_exploded = NULL;
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1019:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char aaguid_oid[32];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1108:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char client_data_hash[32], cert_export[128], cert_export_b64[256];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1172:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data.data, cbor_bytestring_handle(auth_data), cbor_bytestring_length(auth_data));
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1173:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data.data + cbor_bytestring_length(auth_data), client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1278:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pubkey_export[1024] = {0}, cert_export[32] = {0}, cert_export_b64[64], client_data_hash[32], * nonce_base = NULL, nonce_base_hash[32], * nonce_base_hash_b64 = NULL, * header_cert_decoded = NULL;
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1335:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(nonce_base, cbor_bytestring_handle(auth_data), cbor_bytestring_length(auth_data));
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1336:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(nonce_base+cbor_bytestring_length(auth_data), client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1533:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data_signed[200], client_data_hash[32], cert_export[32], cert_export_b64[64];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1626:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data_signed+data_signed_offset, rpid_hash, rpid_hash_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1629:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data_signed+data_signed_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1632:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data_signed+data_signed_offset, credential_id, credential_id_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1638:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data_signed+data_signed_offset, cert_x, cert_x_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1641:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data_signed+data_signed_offset, cert_y, cert_y_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1967:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cert_x, cbor_bytestring_handle(cbor_value), cbor_bytestring_length(cbor_value));
data/glewlwyd-2.4.0/src/scheme/webauthn.c:1973:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cert_y, cbor_bytestring_handle(cbor_value), cbor_bytestring_length(cbor_value));
data/glewlwyd-2.4.0/src/scheme/webauthn.c:2345:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data_signed, auth_data, auth_data_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:2346:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data_signed+auth_data_len, cdata_hash, cdata_hash_len);
data/glewlwyd-2.4.0/src/scheme/webauthn.c:2467:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id[64] = {0}, credential_id_b64[129], created_at[32], name_hash[32];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:2468:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * seed_credential_id, * seed_name, * seed_created_at, name[32];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:2539:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char seed_hash[32] = {0};
data/glewlwyd-2.4.0/src/scheme/webauthn.c:2584:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char seed_hash[32];
data/glewlwyd-2.4.0/src/scheme/webauthn.c:3145:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char user_id_fake[64];
data/glewlwyd-2.4.0/src/session.c:616:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char session_id_str_array[GLEWLWYD_SESSION_ID_LENGTH + 1] = {};
data/glewlwyd-2.4.0/src/session.c:626:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char session_hash_url[128];
data/glewlwyd-2.4.0/src/session.c:683:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char session_hash_dec[128];
data/glewlwyd-2.4.0/src/static_file_callback.c:106:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      f = fopen (file_path, "rb");
data/glewlwyd-2.4.0/src/user/database.c:384:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char password_b64_decoded[1024] = {0};
data/glewlwyd-2.4.0/src/user/ldap.c:906:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if (o_base64_encode((const unsigned char *)result_values[0]->bv_val, result_values[0]->bv_len, NULL, &value_enc_len)) {
data/glewlwyd-2.4.0/src/user/ldap.c:908:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                if (o_base64_encode((const unsigned char *)result_values[0]->bv_val, result_values[0]->bv_len, value_enc, &value_enc_len)) {
data/glewlwyd-2.4.0/src/user/ldap.c:928:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              if (o_base64_encode((const unsigned char *)result_values[i]->bv_val, result_values[i]->bv_len, NULL, &value_enc_len)) {
data/glewlwyd-2.4.0/src/user/ldap.c:930:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  if (o_base64_encode((const unsigned char *)result_values[i]->bv_val, result_values[i]->bv_len, value_enc, &value_enc_len)) {
data/glewlwyd-2.4.0/src/webservice.c:236:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * session_uid, expires[129];
data/glewlwyd-2.4.0/src/webservice.c:2048:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * session_uid, expires[129];
data/glewlwyd-2.4.0/test/glewlwyd_auth_session_manage.c:24:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char user_agent[33];
data/glewlwyd-2.4.0/test/glewlwyd_auth_session_manage.c:160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char user_agent[33], * session_hash = NULL, * session_hash_encoded = NULL, * cookie = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_additional_parameters.c:118:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_additional_parameters.c:120:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_additional_parameters.c:163:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_additional_parameters.c:165:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_refresh_manage.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char user_agent[33];
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_refresh_manage_session.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char user_agent[33];
data/glewlwyd-2.4.0/test/glewlwyd_oidc_additional_parameters.c:122:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_additional_parameters.c:124:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_additional_parameters.c:168:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_additional_parameters.c:170:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)access_token_split[1], o_strlen(access_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:202:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:246:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:368:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:392:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:419:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:443:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:465:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:489:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:516:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:540:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:567:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:591:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:618:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:642:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:669:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:693:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:720:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:744:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:771:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:795:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:821:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:845:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:871:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0}, * claims_str, * claims_str_enc;
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:895:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:1049:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:1125:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:1305:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:1339:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:1368:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * id_token, ** id_token_split, str_payload[1024] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claim_request.c:1402:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claims_scopes.c:123:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char payload_dec[1024] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claims_scopes.c:149:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), payload_dec, &payload_dec_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claims_scopes.c:177:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char payload_dec[1024] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_claims_scopes.c:202:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((const unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), payload_dec, &payload_dec_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_certificate.c:75:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char client_cert_1_id[128];
data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_certificate.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char client_cert_2_id[128];
data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_certificate.c:77:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char client_cert_3_id[128];
data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_certificate.c:84:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (file_path, "rb");
data/glewlwyd-2.4.0/test/glewlwyd_oidc_client_certificate.c:108:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cert_digest[128];
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code.c:120:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code.c:122:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_code.c:110:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_code.c:112:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_token_code.c:89:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_token_code.c:91:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_token_code.c:158:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_hybrid_id_token_token_code.c:160:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_implicit_id_token_token.c:85:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_implicit_id_token_token.c:87:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_implicit_id_token_token.c:142:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_implicit_id_token_token.c:144:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwks_config.c:1300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwks_config.c:1347:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwks_config.c:1394:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwks_config.c:1442:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwt_encrypted.c:1061:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[32] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_jwt_encrypted.c:1101:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[64] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_refresh_manage.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char user_agent[33];
data/glewlwyd-2.4.0/test/glewlwyd_oidc_refresh_manage_session.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char user_agent[33];
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:925:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:971:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1017:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1064:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1202:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1294:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1341:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1390:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1808:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[32] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1850:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[32] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1891:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[32] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1936:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:1984:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2032:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2080:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[32] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2083:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2138:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[32] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2196:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[32] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2255:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char key[64] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_request_jwt.c:2258:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char jti[12] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_session_management.c:113:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char hash[32] = {0}, hash_b64[128] = {0};
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:109:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:111:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:139:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:141:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:169:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:171:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:269:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:271:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:299:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:301:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:329:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), NULL, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_oidc_subject_type.c:331:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  ck_assert_int_eq(o_base64url_decode((unsigned char *)id_token_split[1], o_strlen(id_token_split[1]), (unsigned char *)str_payload, &str_payload_len), 1);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUF_SIZE], bufferout[BUF_SIZE];
data/glewlwyd-2.4.0/test/glewlwyd_register.c:107:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bufferout, "220 ulfius.tld SMTP CCSMTP\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:130:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(bufferout, "500 Too long\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:179:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:182:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:185:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok recipient\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:188:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "354 Continue\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:192:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok reset\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:195:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok noop\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:198:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "221 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:202:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "502 Command Not Implemented\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:210:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_register.c:1164:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * cookie, error_code[MAIL_CODE_LEGTH+1];
data/glewlwyd-2.4.0/test/glewlwyd_register.c:1348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * cookie, error_token[GLEWLWYD_TOKEN_LENGTH+1];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_certificate.c:71:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char client_cert_1_id[128];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_certificate.c:72:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char client_cert_2_id[128];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_certificate.c:73:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char client_cert_3_id[128];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_certificate.c:80:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (file_path, "rb");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_certificate.c:104:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cert_digest[128];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUF_SIZE], bufferout[BUF_SIZE];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:91:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bufferout, "220 ulfius.tld SMTP CCSMTP\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:114:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(bufferout, "500 Too long\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:163:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:166:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:169:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok recipient\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:172:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "354 Continue\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:176:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok reset\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:179:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok noop\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:182:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "221 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:186:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "502 Command Not Implemented\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:194:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(bufferout, "250 Ok\r\n");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_otp.c:335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[OTP_CODE_LEGTH+1], * secret_dec = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_otp.c:404:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char code[OTP_CODE_LEGTH+1], * secret_dec = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:206:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen (file_path, "rb");
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:539:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:603:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:620:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:656:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:682:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:685:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:688:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:694:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:697:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:797:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:862:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:879:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:915:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:941:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:944:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:947:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:953:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:956:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1056:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1121:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1174:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1200:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1203:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1206:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1212:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1215:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1315:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1381:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1398:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1434:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1460:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1463:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1466:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1472:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1475:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1575:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1640:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1657:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1693:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1719:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1722:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1725:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1731:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1734:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1834:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1899:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1916:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1952:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1978:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1981:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1984:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1990:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:1993:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2093:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2158:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2176:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2212:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2238:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2241:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2244:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2250:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2253:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2353:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2418:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2435:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2472:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2498:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2501:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2504:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2510:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2513:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2613:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2678:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2695:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2732:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2758:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2761:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2764:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2770:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2773:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2873:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2938:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2955:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:2991:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3017:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3020:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3023:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3029:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3032:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3132:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3197:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3214:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3250:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3276:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3279:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3282:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3288:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3291:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3391:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3456:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3473:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3509:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3535:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3538:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3541:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3547:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3550:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3650:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3715:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3732:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3768:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3794:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3797:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3800:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3806:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3809:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3909:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3974:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:3991:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4027:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4054:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4057:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4060:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4066:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4069:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4169:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4234:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4251:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4287:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4319:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4322:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4325:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4331:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4334:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4434:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4499:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4516:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4552:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4578:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4581:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4584:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4590:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4593:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4693:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4758:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4775:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4811:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4838:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4841:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4844:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4850:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4853:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:4953:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5018:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5035:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5071:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5097:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5100:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5103:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5109:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5112:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5212:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5277:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5294:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5330:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5356:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5360:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5363:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5369:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5372:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5472:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5537:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5554:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5590:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5616:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5619:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5623:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5629:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5632:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5732:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5797:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5814:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5850:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5876:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5879:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5882:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5889:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5892:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:5992:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6057:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6074:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6110:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6136:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6139:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6148:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6251:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6316:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6333:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6369:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6395:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6398:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6401:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6408:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6512:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6577:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6594:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6630:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6656:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6659:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6662:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6669:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6672:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6773:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6838:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6855:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6891:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6917:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6920:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6923:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6930:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:6933:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7033:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7098:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7115:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7177:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7180:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7183:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7190:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7193:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7294:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7359:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7376:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7438:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7441:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7444:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7451:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7454:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7554:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7619:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7636:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7672:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7698:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7701:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7704:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7711:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7714:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7815:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7880:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7897:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7933:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7959:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7962:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7965:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7972:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:7975:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8075:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8157:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8193:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8219:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8225:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8232:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8235:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8335:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8400:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8417:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8453:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8479:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8482:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8485:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8491:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8494:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8592:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8657:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8674:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8710:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8736:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8739:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8742:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8748:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8751:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8851:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8916:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8933:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id_2, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8969:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8995:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:8998:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9001:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id_2, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9007:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9010:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9108:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9173:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9190:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id_2, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9226:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9252:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9255:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9258:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id_2, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9264:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9267:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9365:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9430:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9447:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id_2, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9483:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9509:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, auth_data, rp_id_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9512:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9515:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, credential_id_2, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9521:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_x.data, key_x.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9524:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+verification_data_offset, key_y.data, key_y.size);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9637:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9768:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:9898:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10029:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10160:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10292:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10424:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10555:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10687:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10819:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:10950:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11105:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11235:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11365:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11495:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTHENTICATOR_DATA_SIZE], auth_data_enc[AUTHENTICATOR_DATA_SIZE*2], * signature_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11620:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11640:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11660:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11687:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11753:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11770:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11806:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11837:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:11956:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12022:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12039:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12075:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12106:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12220:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12286:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12303:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12339:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12371:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12485:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12551:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12568:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12604:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12632:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12746:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12812:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12829:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12865:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:12896:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13011:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13077:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13094:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13130:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13161:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13276:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13342:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13359:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13395:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13426:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13540:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13606:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13623:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13659:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13690:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13805:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[1024], * att_obj_ser = NULL, * att_obj_ser_enc, nonce[NONCE_SIZE], nonce_hash[32], nonce_hash_enc[64], * cert_der_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13871:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13888:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13924:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:13955:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(nonce, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14068:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14132:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14150:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14186:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14217:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14218:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14315:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14379:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14397:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14433:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14464:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14465:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14563:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14627:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14645:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14681:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14712:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14713:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14810:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14874:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14892:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14928:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14960:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:14961:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15058:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15122:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15140:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15176:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15200:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15201:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15298:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15362:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15380:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15416:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15447:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15448:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15540:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15604:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15621:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15657:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15674:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15675:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15771:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15835:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15852:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15888:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15905:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:15906:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16003:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16067:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16084:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16120:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16306:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16370:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16388:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16424:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16455:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16456:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16553:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16617:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16635:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16671:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16702:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16703:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16800:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16864:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16882:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16918:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16949:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:16950:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17047:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17111:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17129:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17165:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17196:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17197:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17294:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17358:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17376:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17443:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17444:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17541:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17605:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17623:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17659:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17690:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17691:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17790:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], cert_der[16*1024], verification_data[256], client_data_hash[32], * att_obj_ser = NULL, * att_obj_ser_enc = NULL;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17854:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17872:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17908:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17939:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data, auth_data, auth_data_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:17940:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(verification_data+auth_data_len, client_data_hash, client_data_hash_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18063:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18121:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18141:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18186:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18212:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18234:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], * att_obj_ser = NULL, * att_obj_ser_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18298:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18315:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18351:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18440:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge_dec[WEBAUTHN_CHALLENGE_LEN], challenge_b64url[WEBAUTHN_CHALLENGE_LEN*2], * client_data_json_enc, credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2], credential_id_enc_url[WEBAUTHN_CREDENTIAL_ID_LEN*2], auth_data[AUTH_DATA_SIZE], aaguid[AAGUID_LEN] = AAGUID, pubkey_id[128], cbor_cose_dump[512], * att_obj_ser = NULL, * att_obj_ser_enc;
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18504:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), aaguid, AAGUID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18521:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), credential_id, WEBAUTHN_CREDENTIAL_ID_LEN);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18557:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((auth_data+auth_data_len), cbor_cose_dump, cbor_cose_dump_len);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_webauthn.c:18639:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char credential_id_enc[WEBAUTHN_CREDENTIAL_ID_LEN*2];
data/glewlwyd-2.4.0/src/misc.c:233:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * pstr = (char *)str, * buf = o_malloc(strlen(str) * 3 + 1), * pbuf = buf;
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code.c:659:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            code = o_strdup(strstr(u_map_get(code_resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_challenge.c:163:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_challenge.c:197:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_challenge.c:231:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_challenge.c:265:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_challenge.c:299:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_challenge.c:351:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_client_confidential.c:236:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            code = o_strdup(strstr(u_map_get(code_resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_replay.c:83:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_code_replay.c:300:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oauth2_irl.c:147:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code.c:708:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            code = o_strdup(strstr(u_map_get(code_resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_challenge.c:166:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_challenge.c:200:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_challenge.c:234:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_challenge.c:268:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_challenge.c:302:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_challenge.c:354:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_client_confidential.c:196:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            code = o_strdup(strstr(u_map_get(code_resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_idtoken.c:187:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            code = o_strdup(strstr(u_map_get(code_resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_replay.c:84:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_code_replay.c:303:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_irl.c:147:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = o_strdup(strstr(u_map_get(resp.map_header, "Location"), "code=")+strlen("code="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_session_management.c:143:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  session_state = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "session_state=")+strlen("session_state="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_session_management.c:192:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_token = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "id_token=")+strlen("id_token="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_session_management.c:238:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_token = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "id_token=")+strlen("id_token="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_session_management.c:285:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_token = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "id_token=")+strlen("id_token="));
data/glewlwyd-2.4.0/test/glewlwyd_oidc_session_management.c:332:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  id_token = o_strdup(o_strstr(u_map_get(resp.map_header, "Location"), "id_token=")+strlen("id_token="));
data/glewlwyd-2.4.0/test/glewlwyd_register.c:108:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:131:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:180:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:183:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:186:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:189:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:193:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:196:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:199:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:203:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_register.c:211:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:92:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:115:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:164:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:167:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:170:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:173:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:177:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:180:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:183:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:187:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_mail.c:195:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        send(manager->sockfd, bufferout, strlen(bufferout), 0);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_otp.c:348:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ck_assert_int_eq(oath_base32_decode(OTP_USER_SECRET, strlen(OTP_USER_SECRET), &secret_dec, &secret_dec_len), OATH_OK);
data/glewlwyd-2.4.0/test/glewlwyd_scheme_otp.c:417:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ck_assert_int_eq(oath_base32_decode(OTP_USER_SECRET, strlen(OTP_USER_SECRET), &secret_dec, &secret_dec_len), OATH_OK);
data/glewlwyd-2.4.0/test/unit-tests.c:189:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * pstr = (char*)str, * buf = malloc(strlen(str) * 3 + 1), * pbuf = buf;
data/glewlwyd-2.4.0/test/unit-tests.c:210:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char * pstr = (char*)str, * buf = malloc(strlen(str) + 1), * pbuf = buf;

ANALYSIS SUMMARY:

Hits = 827
Lines analyzed = 116704 in approximately 3.98 seconds (29355 lines/second)
Physical Source Lines of Code (SLOC) = 99552
Hits@level = [0] 188 [1]  55 [2] 731 [3]  39 [4]   2 [5]   0
Hits@level+ = [0+] 1015 [1+] 827 [2+] 772 [3+]  41 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 10.1957 [1+] 8.30722 [2+] 7.75474 [3+] 0.411845 [4+] 0.02009 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.