Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnunet-0.13.1/contrib/test_gnunet_prefix.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/014.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/003.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/009.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/006.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/002.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/013.1.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/024.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/015.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/018.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/023.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/013.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/021.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/008.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/010.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/026.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/005.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/022.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/020.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/019.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/004.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/testbed_test.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/011.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/012.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/001.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/007.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/016.c
Examining data/gnunet-0.13.1/doc/tutorial/examples/017.c
Examining data/gnunet-0.13.1/src/peerinfo/peerinfo.h
Examining data/gnunet-0.13.1/src/peerinfo/gnunet-service-peerinfo.c
Examining data/gnunet-0.13.1/src/peerinfo/peerinfo_api_notify.c
Examining data/gnunet-0.13.1/src/peerinfo/peerinfo_api.c
Examining data/gnunet-0.13.1/src/peerinfo/perf_peerinfo_api.c
Examining data/gnunet-0.13.1/src/peerinfo/test_peerinfo_api_friend_only.c
Examining data/gnunet-0.13.1/src/peerinfo/test_peerinfo_api_notify_friend_only.c
Examining data/gnunet-0.13.1/src/peerinfo/test_peerinfo_shipped_hellos.c
Examining data/gnunet-0.13.1/src/peerinfo/test_peerinfo_api.c
Examining data/gnunet-0.13.1/src/topology/gnunet-daemon-topology.c
Examining data/gnunet-0.13.1/src/topology/friends.c
Examining data/gnunet-0.13.1/src/topology/test_gnunet_daemon_topology.c
Examining data/gnunet-0.13.1/src/dns/dns.h
Examining data/gnunet-0.13.1/src/dns/plugin_block_dns.c
Examining data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c
Examining data/gnunet-0.13.1/src/dns/gnunet-dns-monitor.c
Examining data/gnunet-0.13.1/src/dns/dns_api.c
Examining data/gnunet-0.13.1/src/dns/gnunet-dns-redirector.c
Examining data/gnunet-0.13.1/src/dns/gnunet-zonewalk.c
Examining data/gnunet-0.13.1/src/dns/gnunet-service-dns.c
Examining data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c
Examining data/gnunet-0.13.1/src/statistics/test_statistics_api.c
Examining data/gnunet-0.13.1/src/statistics/statistics.h
Examining data/gnunet-0.13.1/src/statistics/test_statistics_api_watch.c
Examining data/gnunet-0.13.1/src/statistics/test_statistics_api_watch_zero_value.c
Examining data/gnunet-0.13.1/src/statistics/gnunet-statistics.c
Examining data/gnunet-0.13.1/src/statistics/test_statistics_api_loop.c
Examining data/gnunet-0.13.1/src/statistics/statistics_api.c
Examining data/gnunet-0.13.1/src/fragmentation/fragmentation.h
Examining data/gnunet-0.13.1/src/fragmentation/fragmentation.c
Examining data/gnunet-0.13.1/src/fragmentation/defragmentation.c
Examining data/gnunet-0.13.1/src/fragmentation/test_fragmentation_parallel.c
Examining data/gnunet-0.13.1/src/fragmentation/test_fragmentation.c
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat.c
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_stun.h
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_helper.h
Examining data/gnunet-0.13.1/src/nat/nat_api_stun.c
Examining data/gnunet-0.13.1/src/nat/nat_api.c
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat.h
Examining data/gnunet-0.13.1/src/nat/nat_stun.h
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_externalip.c
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_helper.c
Examining data/gnunet-0.13.1/src/nat/gnunet-helper-nat-server.c
Examining data/gnunet-0.13.1/src/nat/gnunet-nat.c
Examining data/gnunet-0.13.1/src/nat/nat.h
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_stun.c
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.c
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_externalip.h
Examining data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.h
Examining data/gnunet-0.13.1/src/nat/gnunet-helper-nat-client.c
Examining data/gnunet-0.13.1/src/json/json_gnsrecord.c
Examining data/gnunet-0.13.1/src/json/json_mhd.c
Examining data/gnunet-0.13.1/src/json/test_json.c
Examining data/gnunet-0.13.1/src/json/test_json_mhd.c
Examining data/gnunet-0.13.1/src/json/json_helper.c
Examining data/gnunet-0.13.1/src/json/json_generator.c
Examining data/gnunet-0.13.1/src/json/json.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core.h
Examining data/gnunet-0.13.1/src/core/test_core_api_start_only.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core_kx.c
Examining data/gnunet-0.13.1/src/core/core.h
Examining data/gnunet-0.13.1/src/core/test_core_api_reliability.c
Examining data/gnunet-0.13.1/src/core/test_core_api_send_to_self.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core_typemap.h
Examining data/gnunet-0.13.1/src/core/core_api_monitor_peers.c
Examining data/gnunet-0.13.1/src/core/test_core_api.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core_kx.h
Examining data/gnunet-0.13.1/src/core/test_core_quota_compliance.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core_sessions.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core_sessions.h
Examining data/gnunet-0.13.1/src/core/core_api.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core.c
Examining data/gnunet-0.13.1/src/core/gnunet-service-core_typemap.c
Examining data/gnunet-0.13.1/src/core/gnunet-core.c
Examining data/gnunet-0.13.1/src/peerinfo-tool/gnunet-peerinfo.c
Examining data/gnunet-0.13.1/src/peerinfo-tool/gnunet-peerinfo_plugins.c
Examining data/gnunet-0.13.1/src/peerinfo-tool/gnunet-peerinfo_plugins.h
Examining data/gnunet-0.13.1/src/peerinfo-tool/plugin_rest_peerinfo.c
Examining data/gnunet-0.13.1/src/hostlist/test_gnunet_daemon_hostlist_reconnect.c
Examining data/gnunet-0.13.1/src/hostlist/test_gnunet_daemon_hostlist.c
Examining data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist.c
Examining data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.h
Examining data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_server.h
Examining data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist.h
Examining data/gnunet-0.13.1/src/hostlist/test_gnunet_daemon_hostlist_learning.c
Examining data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c
Examining data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_server.c
Examining data/gnunet-0.13.1/src/regex/regex_internal.c
Examining data/gnunet-0.13.1/src/regex/gnunet-service-regex.c
Examining data/gnunet-0.13.1/src/regex/regex_block_lib.h
Examining data/gnunet-0.13.1/src/regex/regex_api_announce.c
Examining data/gnunet-0.13.1/src/regex/test_regex_graph_api.c
Examining data/gnunet-0.13.1/src/regex/regex_api_search.c
Examining data/gnunet-0.13.1/src/regex/regex_test_lib.c
Examining data/gnunet-0.13.1/src/regex/test_regex_eval_api.c
Examining data/gnunet-0.13.1/src/regex/gnunet-regex-profiler.c
Examining data/gnunet-0.13.1/src/regex/regex_block_lib.c
Examining data/gnunet-0.13.1/src/regex/perf-regex.c
Examining data/gnunet-0.13.1/src/regex/gnunet-regex-simulation-profiler.c
Examining data/gnunet-0.13.1/src/regex/regex_test_lib.h
Examining data/gnunet-0.13.1/src/regex/regex_internal_dht.c
Examining data/gnunet-0.13.1/src/regex/regex_internal_lib.h
Examining data/gnunet-0.13.1/src/regex/regex_test_graph.c
Examining data/gnunet-0.13.1/src/regex/regex_internal.h
Examining data/gnunet-0.13.1/src/regex/test_regex_integration.c
Examining data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c
Examining data/gnunet-0.13.1/src/regex/plugin_block_regex.c
Examining data/gnunet-0.13.1/src/regex/gnunet-daemon-regexprofiler.c
Examining data/gnunet-0.13.1/src/regex/regex_test_random.c
Examining data/gnunet-0.13.1/src/regex/test_regex_api.c
Examining data/gnunet-0.13.1/src/regex/test_regex_proofs.c
Examining data/gnunet-0.13.1/src/regex/regex_ipc.h
Examining data/gnunet-0.13.1/src/zonemaster/gnunet-service-zonemaster-monitor.c
Examining data/gnunet-0.13.1/src/zonemaster/gnunet-service-zonemaster.c
Examining data/gnunet-0.13.1/src/arm/gnunet-arm.c
Examining data/gnunet-0.13.1/src/arm/arm_api.c
Examining data/gnunet-0.13.1/src/arm/test_gnunet_service_arm.c
Examining data/gnunet-0.13.1/src/arm/mockup-service.c
Examining data/gnunet-0.13.1/src/arm/test_arm_api.c
Examining data/gnunet-0.13.1/src/arm/arm.h
Examining data/gnunet-0.13.1/src/arm/gnunet-service-arm.c
Examining data/gnunet-0.13.1/src/arm/arm_monitor_api.c
Examining data/gnunet-0.13.1/src/arm/test_exponential_backoff.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_hello.h
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_paths.h
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_peer.c
Examining data/gnunet-0.13.1/src/cadet/cadet_api_list_tunnels.c
Examining data/gnunet-0.13.1/src/cadet/cadet_api_list_peers.c
Examining data/gnunet-0.13.1/src/cadet/cadet_api.c
Examining data/gnunet-0.13.1/src/cadet/cadet_test_lib.h
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_dht.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_connection.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_core.h
Examining data/gnunet-0.13.1/src/cadet/cadet_api_get_path.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_connection.h
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_paths.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_channel.h
Examining data/gnunet-0.13.1/src/cadet/cadet_api_get_channel.c
Examining data/gnunet-0.13.1/src/cadet/cadet_api_helper.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_channel.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_dht.h
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_core.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_hello.c
Examining data/gnunet-0.13.1/src/cadet/cadet_protocol.h
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_peer.h
Examining data/gnunet-0.13.1/src/cadet/cadet_test_lib.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet.h
Examining data/gnunet-0.13.1/src/cadet/test_cadet.c
Examining data/gnunet-0.13.1/src/cadet/test_cadet_local_mq.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_tunnels.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_tunnels.h
Examining data/gnunet-0.13.1/src/cadet/cadet.h
Examining data/gnunet-0.13.1/src/cadet/cadet_api_drop_message.c
Examining data/gnunet-0.13.1/src/cadet/gnunet-cadet.c
Examining data/gnunet-0.13.1/src/nat-auto/nat_auto_api_test.c
Examining data/gnunet-0.13.1/src/nat-auto/nat_auto_api.c
Examining data/gnunet-0.13.1/src/nat-auto/gnunet-nat-server.c
Examining data/gnunet-0.13.1/src/nat-auto/gnunet-nat-auto.c
Examining data/gnunet-0.13.1/src/nat-auto/nat-auto.h
Examining data/gnunet-0.13.1/src/nat-auto/gnunet-service-nat-auto.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_statistics.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_topology_clique.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api.h
Examining data/gnunet-0.13.1/src/testbed/test_gnunet_helper_testbed.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_services.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_test.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_3peers_3controllers.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_testbed.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_barriers.h
Examining data/gnunet-0.13.1/src/testbed/testbed_api_hosts.h
Examining data/gnunet-0.13.1/src/testbed/testbed_api_peers.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-helper-testbed.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_operations.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_operations.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_barriers.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_topology.h
Examining data/gnunet-0.13.1/src/testbed/gnunet-daemon-testbed-blacklist.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_peers.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_underlay.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_test_timeout.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_oc.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-test-barriers.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_2peers_1controller.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_cache.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_topology.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_links.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_connectionpool.h
Examining data/gnunet-0.13.1/src/testbed/gnunet-testbed-profiler.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-daemon-latency-logger.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_test.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_barriers.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_peers_manage_services.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_barriers.c
Examining data/gnunet-0.13.1/src/testbed/testbed.h
Examining data/gnunet-0.13.1/src/testbed/gnunet-daemon-testbed-underlay.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_hosts.c
Examining data/gnunet-0.13.1/src/testbed/generate-underlay-topology.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_peers.h
Examining data/gnunet-0.13.1/src/testbed/testbed_api_topology.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_peer_reconfiguration.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_links.h
Examining data/gnunet-0.13.1/src/testbed/testbed_api_sd.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api.c
Examining data/gnunet-0.13.1/src/testbed/testbed_helper.h
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.h
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.h
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_testbed_run.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_sd.h
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_connectionpool.c
Examining data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_cpustatus.c
Examining data/gnunet-0.13.1/src/testbed/testbed_api_operations.h
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_sd.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_barriers.h
Examining data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_controllerlink.c
Examining data/gnunet-0.13.1/src/testbed/test_testbed_api_statistics.c
Examining data/gnunet-0.13.1/src/exit/exit.h
Examining data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c
Examining data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c
Examining data/gnunet-0.13.1/src/nt/nt.c
Examining data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-record.c
Examining data/gnunet-0.13.1/src/conversation/microphone.c
Examining data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-record-gst.c
Examining data/gnunet-0.13.1/src/conversation/gnunet-conversation-test.c
Examining data/gnunet-0.13.1/src/conversation/plugin_gnsrecord_conversation.c
Examining data/gnunet-0.13.1/src/conversation/conversation_api_call.c
Examining data/gnunet-0.13.1/src/conversation/gnunet_gst.c
Examining data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback-gst.c
Examining data/gnunet-0.13.1/src/conversation/conversation_api.c
Examining data/gnunet-0.13.1/src/conversation/gnunet-conversation.c
Examining data/gnunet-0.13.1/src/conversation/test_conversation_api.c
Examining data/gnunet-0.13.1/src/conversation/test_conversation_api_reject.c
Examining data/gnunet-0.13.1/src/conversation/speaker.c
Examining data/gnunet-0.13.1/src/conversation/gnunet_gst_test.c
Examining data/gnunet-0.13.1/src/conversation/test_conversation_api_twocalls.c
Examining data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c
Examining data/gnunet-0.13.1/src/conversation/gnunet-service-conversation.c
Examining data/gnunet-0.13.1/src/conversation/conversation.h
Examining data/gnunet-0.13.1/src/vpn/gnunet-vpn.c
Examining data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c
Examining data/gnunet-0.13.1/src/vpn/vpn.h
Examining data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c
Examining data/gnunet-0.13.1/src/vpn/vpn_api.c
Examining data/gnunet-0.13.1/src/block/plugin_block_test.c
Examining data/gnunet-0.13.1/src/block/bg_bf.c
Examining data/gnunet-0.13.1/src/block/plugin_block_template.c
Examining data/gnunet-0.13.1/src/block/block.c
Examining data/gnunet-0.13.1/src/identity/plugin_rest_identity.c
Examining data/gnunet-0.13.1/src/identity/identity.h
Examining data/gnunet-0.13.1/src/identity/identity_api.c
Examining data/gnunet-0.13.1/src/identity/gnunet-identity.c
Examining data/gnunet-0.13.1/src/identity/test_identity_defaults.c
Examining data/gnunet-0.13.1/src/identity/test_identity.c
Examining data/gnunet-0.13.1/src/identity/gnunet-service-identity.c
Examining data/gnunet-0.13.1/src/identity/identity_api_lookup.c
Examining data/gnunet-0.13.1/src/identity/identity_api_suffix_lookup.c
Examining data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_block_expiration.c
Examining data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_serialization.c
Examining data/gnunet-0.13.1/src/gnsrecord/gnsrecord.c
Examining data/gnunet-0.13.1/src/gnsrecord/gnsrecord_crypto.c
Examining data/gnunet-0.13.1/src/gnsrecord/gnsrecord_misc.c
Examining data/gnunet-0.13.1/src/gnsrecord/gnunet-gnsrecord-tvg.c
Examining data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_crypto.c
Examining data/gnunet-0.13.1/src/gnsrecord/gnsrecord_serialization.c
Examining data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c
Examining data/gnunet-0.13.1/src/gnsrecord/perf_gnsrecord_crypto.c
Examining data/gnunet-0.13.1/src/template/gnunet-template.c
Examining data/gnunet-0.13.1/src/template/test_template_api.c
Examining data/gnunet-0.13.1/src/template/gnunet-service-template.c
Examining data/gnunet-0.13.1/src/util/crypto_crc.c
Examining data/gnunet-0.13.1/src/util/test_configuration.c
Examining data/gnunet-0.13.1/src/util/test_client.c
Examining data/gnunet-0.13.1/src/util/test_resolver_api.c
Examining data/gnunet-0.13.1/src/util/service.c
Examining data/gnunet-0.13.1/src/util/test_getopt.c
Examining data/gnunet-0.13.1/src/util/speedup.c
Examining data/gnunet-0.13.1/src/util/perf_malloc.c
Examining data/gnunet-0.13.1/src/util/crypto_kdf.c
Examining data/gnunet-0.13.1/src/util/test_crypto_rsa.c
Examining data/gnunet-0.13.1/src/util/os_installation.c
Examining data/gnunet-0.13.1/src/util/test_container_bloomfilter.c
Examining data/gnunet-0.13.1/src/util/test_common_logging.c
Examining data/gnunet-0.13.1/src/util/test_container_meta_data.c
Examining data/gnunet-0.13.1/src/util/perf_crypto_ecc_dlog.c
Examining data/gnunet-0.13.1/src/util/test_container_dll.c
Examining data/gnunet-0.13.1/src/util/test_regex.c
Examining data/gnunet-0.13.1/src/util/gnunet-scrypt.c
Examining data/gnunet-0.13.1/src/util/configuration.c
Examining data/gnunet-0.13.1/src/util/program.c
Examining data/gnunet-0.13.1/src/util/test_crypto_random.c
Examining data/gnunet-0.13.1/src/util/test_crypto_ecdh_eddsa.c
Examining data/gnunet-0.13.1/src/util/test_crypto_hkdf.c
Examining data/gnunet-0.13.1/src/util/test_container_multipeermap.c
Examining data/gnunet-0.13.1/src/util/op.c
Examining data/gnunet-0.13.1/src/util/bandwidth.c
Examining data/gnunet-0.13.1/src/util/buffer.c
Examining data/gnunet-0.13.1/src/util/crypto_pow.c
Examining data/gnunet-0.13.1/src/util/container_meta_data.c
Examining data/gnunet-0.13.1/src/util/test_crypto_ecdsa.c
Examining data/gnunet-0.13.1/src/util/scheduler.c
Examining data/gnunet-0.13.1/src/util/dnsstub.c
Examining data/gnunet-0.13.1/src/util/test_bio.c
Examining data/gnunet-0.13.1/src/util/test_plugin_plug.c
Examining data/gnunet-0.13.1/src/util/test_container_multihashmap.c
Examining data/gnunet-0.13.1/src/util/test_os_start_process.c
Examining data/gnunet-0.13.1/src/util/test_hexcoder.c
Examining data/gnunet-0.13.1/src/util/test_common_logging_dummy.c
Examining data/gnunet-0.13.1/src/util/getopt.c
Examining data/gnunet-0.13.1/src/util/perf_crypto_asymmetric.c
Examining data/gnunet-0.13.1/src/util/benchmark.h
Examining data/gnunet-0.13.1/src/util/perf_crypto_hash.c
Examining data/gnunet-0.13.1/src/util/mst.c
Examining data/gnunet-0.13.1/src/util/proc_compat.c
Examining data/gnunet-0.13.1/src/util/strings.c
Examining data/gnunet-0.13.1/src/util/crypto_ecc_dlog.c
Examining data/gnunet-0.13.1/src/util/container_bloomfilter.c
Examining data/gnunet-0.13.1/src/util/gnunet-resolver.c
Examining data/gnunet-0.13.1/src/util/common_endian.c
Examining data/gnunet-0.13.1/src/util/gnunet-config.c
Examining data/gnunet-0.13.1/src/util/network.c
Examining data/gnunet-0.13.1/src/util/test_crypto_eddsa.c
Examining data/gnunet-0.13.1/src/util/test_strings.c
Examining data/gnunet-0.13.1/src/util/crypto_symmetric.c
Examining data/gnunet-0.13.1/src/util/crypto_paillier.c
Examining data/gnunet-0.13.1/src/util/crypto_random.c
Examining data/gnunet-0.13.1/src/util/perf_mq.c
Examining data/gnunet-0.13.1/src/util/container_multihashmap32.c
Examining data/gnunet-0.13.1/src/util/plugin.c
Examining data/gnunet-0.13.1/src/util/test_mq.c
Examining data/gnunet-0.13.1/src/util/getopt_helpers.c
Examining data/gnunet-0.13.1/src/util/crypto_rsa.c
Examining data/gnunet-0.13.1/src/util/signal.c
Examining data/gnunet-0.13.1/src/util/gnunet-service-resolver.c
Examining data/gnunet-0.13.1/src/util/tun.c
Examining data/gnunet-0.13.1/src/util/os_network.c
Examining data/gnunet-0.13.1/src/util/gnunet-uri.c
Examining data/gnunet-0.13.1/src/util/test_tun.c
Examining data/gnunet-0.13.1/src/util/disk.c
Examining data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c
Examining data/gnunet-0.13.1/src/util/perf_crypto_paillier.c
Examining data/gnunet-0.13.1/src/util/test_scheduler_delay.c
Examining data/gnunet-0.13.1/src/util/test_common_endian.c
Examining data/gnunet-0.13.1/src/util/test_crypto_ecc_dlog.c
Examining data/gnunet-0.13.1/src/util/gnunet-timeout.c
Examining data/gnunet-0.13.1/src/util/container_heap.c
Examining data/gnunet-0.13.1/src/util/common_allocation.c
Examining data/gnunet-0.13.1/src/util/test_scheduler.c
Examining data/gnunet-0.13.1/src/util/os_priority.c
Examining data/gnunet-0.13.1/src/util/test_plugin.c
Examining data/gnunet-0.13.1/src/util/speedup.h
Examining data/gnunet-0.13.1/src/util/test_crypto_hash.c
Examining data/gnunet-0.13.1/src/util/test_disk.c
Examining data/gnunet-0.13.1/src/util/peer.c
Examining data/gnunet-0.13.1/src/util/test_crypto_paillier.c
Examining data/gnunet-0.13.1/src/util/client.c
Examining data/gnunet-0.13.1/src/util/crypto_mpi.c
Examining data/gnunet-0.13.1/src/util/test_os_network.c
Examining data/gnunet-0.13.1/src/util/test_crypto_kdf.c
Examining data/gnunet-0.13.1/src/util/common_logging.c
Examining data/gnunet-0.13.1/src/util/bio.c
Examining data/gnunet-0.13.1/src/util/benchmark.c
Examining data/gnunet-0.13.1/src/util/test_container_heap.c
Examining data/gnunet-0.13.1/src/util/test_program.c
Examining data/gnunet-0.13.1/src/util/nc.c
Examining data/gnunet-0.13.1/src/util/crypto_hkdf.c
Examining data/gnunet-0.13.1/src/util/container_multishortmap.c
Examining data/gnunet-0.13.1/src/util/crypto_ecc.c
Examining data/gnunet-0.13.1/src/util/test_speedup.c
Examining data/gnunet-0.13.1/src/util/dnsparser.c
Examining data/gnunet-0.13.1/src/util/disk.h
Examining data/gnunet-0.13.1/src/util/crypto_ecc_setup.c
Examining data/gnunet-0.13.1/src/util/container_multiuuidmap.c
Examining data/gnunet-0.13.1/src/util/resolver.h
Examining data/gnunet-0.13.1/src/util/consttime_memcmp.c
Examining data/gnunet-0.13.1/src/util/test_container_multihashmap32.c
Examining data/gnunet-0.13.1/src/util/test_strings_to_data.c
Examining data/gnunet-0.13.1/src/util/gnunet-config-diff.c
Examining data/gnunet-0.13.1/src/util/test_common_allocation.c
Examining data/gnunet-0.13.1/src/util/test_crypto_symmetric.c
Examining data/gnunet-0.13.1/src/util/perf_crypto_rsa.c
Examining data/gnunet-0.13.1/src/util/load.c
Examining data/gnunet-0.13.1/src/util/perf_crypto_symmetric.c
Examining data/gnunet-0.13.1/src/util/regex.c
Examining data/gnunet-0.13.1/src/util/mq.c
Examining data/gnunet-0.13.1/src/util/configuration_loader.c
Examining data/gnunet-0.13.1/src/util/resolver_api.c
Examining data/gnunet-0.13.1/src/util/time.c
Examining data/gnunet-0.13.1/src/util/test_time.c
Examining data/gnunet-0.13.1/src/util/container_multipeermap.c
Examining data/gnunet-0.13.1/src/util/test_crypto_crc.c
Examining data/gnunet-0.13.1/src/util/container_multihashmap.c
Examining data/gnunet-0.13.1/src/util/test_service.c
Examining data/gnunet-0.13.1/src/util/test_crypto_ecdhe.c
Examining data/gnunet-0.13.1/src/util/crypto_hash.c
Examining data/gnunet-0.13.1/src/util/gnunet-ecc.c
Examining data/gnunet-0.13.1/src/util/helper.c
Examining data/gnunet-0.13.1/src/util/test_peer.c
Examining data/gnunet-0.13.1/src/util/test_crypto_ecdh_ecdsa.c
Examining data/gnunet-0.13.1/src/util/gnunet-qr.c
Examining data/gnunet-0.13.1/src/util/test_crypto_hash_context.c
Examining data/gnunet-0.13.1/src/util/crypto_hash_file.c
Examining data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c
Examining data/gnunet-0.13.1/src/util/perf_scheduler.c
Examining data/gnunet-0.13.1/src/sq/sq_exec.c
Examining data/gnunet-0.13.1/src/sq/sq_result_helper.c
Examining data/gnunet-0.13.1/src/sq/sq_prepare.c
Examining data/gnunet-0.13.1/src/sq/sq.c
Examining data/gnunet-0.13.1/src/sq/test_sq.c
Examining data/gnunet-0.13.1/src/sq/sq_query_helper.c
Examining data/gnunet-0.13.1/src/nse/nse.h
Examining data/gnunet-0.13.1/src/nse/gnunet-nse-profiler.c
Examining data/gnunet-0.13.1/src/nse/gnunet-nse.c
Examining data/gnunet-0.13.1/src/nse/test_nse_multipeer.c
Examining data/gnunet-0.13.1/src/nse/test_nse_api.c
Examining data/gnunet-0.13.1/src/nse/gnunet-service-nse.c
Examining data/gnunet-0.13.1/src/nse/nse_api.c
Examining data/gnunet-0.13.1/src/nse/perf_kdf.c
Examining data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c
Examining data/gnunet-0.13.1/src/peerstore/plugin_peerstore_flat.c
Examining data/gnunet-0.13.1/src/peerstore/test_plugin_peerstore.c
Examining data/gnunet-0.13.1/src/peerstore/plugin_peerstore_sqlite.c
Examining data/gnunet-0.13.1/src/peerstore/test_peerstore_api_watch.c
Examining data/gnunet-0.13.1/src/peerstore/peerstore.h
Examining data/gnunet-0.13.1/src/peerstore/peerstore_common.c
Examining data/gnunet-0.13.1/src/peerstore/gnunet-peerstore.c
Examining data/gnunet-0.13.1/src/peerstore/gnunet-service-peerstore.c
Examining data/gnunet-0.13.1/src/peerstore/peerstore_common.h
Examining data/gnunet-0.13.1/src/peerstore/test_peerstore_api_iterate.c
Examining data/gnunet-0.13.1/src/peerstore/test_peerstore_api_sync.c
Examining data/gnunet-0.13.1/src/peerstore/peerstore_api.c
Examining data/gnunet-0.13.1/src/peerstore/perf_peerstore_store.c
Examining data/gnunet-0.13.1/src/datastore/plugin_datastore_postgres.c
Examining data/gnunet-0.13.1/src/datastore/plugin_datastore_heap.c
Examining data/gnunet-0.13.1/src/datastore/datastore_api.c
Examining data/gnunet-0.13.1/src/datastore/perf_datastore_api.c
Examining data/gnunet-0.13.1/src/datastore/perf_plugin_datastore.c
Examining data/gnunet-0.13.1/src/datastore/datastore.h
Examining data/gnunet-0.13.1/src/datastore/test_datastore_api.c
Examining data/gnunet-0.13.1/src/datastore/plugin_datastore_mysql.c
Examining data/gnunet-0.13.1/src/datastore/plugin_datastore_template.c
Examining data/gnunet-0.13.1/src/datastore/gnunet-service-datastore.c
Examining data/gnunet-0.13.1/src/datastore/test_datastore_api_management.c
Examining data/gnunet-0.13.1/src/datastore/gnunet-datastore.c
Examining data/gnunet-0.13.1/src/datastore/test_plugin_datastore.c
Examining data/gnunet-0.13.1/src/datastore/plugin_datastore_sqlite.c
Examining data/gnunet-0.13.1/src/pq/pq_eval.c
Examining data/gnunet-0.13.1/src/pq/pq_connect.c
Examining data/gnunet-0.13.1/src/pq/pq_prepare.c
Examining data/gnunet-0.13.1/src/pq/pq_query_helper.c
Examining data/gnunet-0.13.1/src/pq/pq_exec.c
Examining data/gnunet-0.13.1/src/pq/test_pq.c
Examining data/gnunet-0.13.1/src/pq/pq.c
Examining data/gnunet-0.13.1/src/pq/pq.h
Examining data/gnunet-0.13.1/src/pq/pq_result_helper.c
Examining data/gnunet-0.13.1/src/pt/test_gns_vpn.c
Examining data/gnunet-0.13.1/src/pt/test_gnunet_vpn.c
Examining data/gnunet-0.13.1/src/pt/gnunet-daemon-pt.c
Examining data/gnunet-0.13.1/src/ats-tool/gnunet-ats.c
Examining data/gnunet-0.13.1/src/include/gnunet_mq_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_strings_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_testing_lib.h
Examining data/gnunet-0.13.1/src/include/gauger.h
Examining data/gnunet-0.13.1/src/include/gnunet_rps_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_tun_lib.h
Examining data/gnunet-0.13.1/src/include/gettext.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_hello_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_namestore_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_op_lib.h
Examining data/gnunet-0.13.1/src/include/platform.h
Examining data/gnunet-0.13.1/src/include/gnunet_datastore_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_vpn_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_signal_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_ats_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_mhd_compat.h
Examining data/gnunet-0.13.1/src/include/gnunet_scheduler_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_curl_lib.h
Examining data/gnunet-0.13.1/src/include/block_fs.h
Examining data/gnunet-0.13.1/src/include/gnunet_peerinfo_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_fs_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_nc_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_sq_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_communication_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_regex_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_rest_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_util_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_testbed_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_ats_transport_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_identity_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_speaker_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_nse_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_namestore_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_dht_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_gnsrecord_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_resolver_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_service_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_load_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_ats_application_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_reclaim_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_time_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_microphone_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_namecache_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_scalarproduct_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_peerstore_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_block_group_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_reclaim_plugin.h
Examining data/gnunet-0.13.1/src/include/compat.h
Examining data/gnunet-0.13.1/src/include/gnunet_helper_lib.h
Examining data/gnunet-0.13.1/src/include/block_dns.h
Examining data/gnunet-0.13.1/src/include/gnunet_bandwidth_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_cadet_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_signatures.h
Examining data/gnunet-0.13.1/src/include/gnunet_revocation_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_reclaim_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_socks.h
Examining data/gnunet-0.13.1/src/include/gnunet_hello_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_set_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_db_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_network_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_application_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_block_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_nat_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_datacache_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_plugin_lib.h
Examining data/gnunet-0.13.1/src/include/block_regex.h
Examining data/gnunet-0.13.1/src/include/gnunet_namecache_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_core_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_abe_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_mysql_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_core_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_common.h
Examining data/gnunet-0.13.1/src/include/gnunet_gnsrecord_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_arm_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_mst_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_monitor_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_configuration_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_manipulation_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_fragmentation_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_container_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_consensus_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_friends_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_datacache_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_block_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_statistics_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_buffer_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_nt_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_conversation_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_protocols.h
Examining data/gnunet-0.13.1/src/include/gnunet_pq_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_os_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_nat_auto_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_dns_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_dnsparser_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_peer_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_getopt_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_rest_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_transport_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_bio_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_secretsharing_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_dnsstub_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_program_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_client_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_gns_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_json_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_my_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_applications.h
Examining data/gnunet-0.13.1/src/include/gnunet_abd_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_testbed_logger_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_disk_lib.h
Examining data/gnunet-0.13.1/src/include/gnunet_datastore_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_peerstore_plugin.h
Examining data/gnunet-0.13.1/src/include/gnunet_ats_service.h
Examining data/gnunet-0.13.1/src/include/gnunet_constants.h
Examining data/gnunet-0.13.1/src/gns/gnunet-service-gns.h
Examining data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.h
Examining data/gnunet-0.13.1/src/gns/gns.h
Examining data/gnunet-0.13.1/src/gns/nss/nss_gns_query.h
Examining data/gnunet-0.13.1/src/gns/nss/nss_gns_query.c
Examining data/gnunet-0.13.1/src/gns/nss/nss_gns.c
Examining data/gnunet-0.13.1/src/gns/gnunet-service-gns_interceptor.h
Examining data/gnunet-0.13.1/src/gns/gnunet-gns.c
Examining data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c
Examining data/gnunet-0.13.1/src/gns/gns_api.h
Examining data/gnunet-0.13.1/src/gns/gnunet-service-gns_interceptor.c
Examining data/gnunet-0.13.1/src/gns/gnunet-dns2gns.c
Examining data/gnunet-0.13.1/src/gns/gnunet-service-gns.c
Examining data/gnunet-0.13.1/src/gns/plugin_block_gns.c
Examining data/gnunet-0.13.1/src/gns/gnunet-bcd.c
Examining data/gnunet-0.13.1/src/gns/test_gns_proxy.c
Examining data/gnunet-0.13.1/src/gns/gns_tld_api.c
Examining data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c
Examining data/gnunet-0.13.1/src/gns/gns_api.c
Examining data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c
Examining data/gnunet-0.13.1/src/gns/gnunet-gns-benchmark.c
Examining data/gnunet-0.13.1/src/gns/plugin_rest_gns.c
Examining data/gnunet-0.13.1/src/mysql/mysql.c
Examining data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c
Examining data/gnunet-0.13.1/src/ats-tests/gnunet-ats-sim.c
Examining data/gnunet-0.13.1/src/ats-tests/ats-testing-traffic.c
Examining data/gnunet-0.13.1/src/ats-tests/ats-testing-experiment.c
Examining data/gnunet-0.13.1/src/ats-tests/perf_ats.c
Examining data/gnunet-0.13.1/src/ats-tests/gnunet-solver-eval.c
Examining data/gnunet-0.13.1/src/ats-tests/ats-testing.h
Examining data/gnunet-0.13.1/src/ats-tests/ats-testing-preferences.c
Examining data/gnunet-0.13.1/src/ats-tests/ats-testing.c
Examining data/gnunet-0.13.1/src/auction/auction.h
Examining data/gnunet-0.13.1/src/auction/gnunet-auction-create.c
Examining data/gnunet-0.13.1/src/auction/gnunet-service-auction.c
Examining data/gnunet-0.13.1/src/auction/gnunet-auction-info.c
Examining data/gnunet-0.13.1/src/auction/gnunet-auction-join.c
Examining data/gnunet-0.13.1/src/auction/test_auction_api.c
Examining data/gnunet-0.13.1/src/datacache/test_datacache_quota.c
Examining data/gnunet-0.13.1/src/datacache/datacache.c
Examining data/gnunet-0.13.1/src/datacache/test_datacache.c
Examining data/gnunet-0.13.1/src/datacache/plugin_datacache_heap.c
Examining data/gnunet-0.13.1/src/datacache/plugin_datacache_template.c
Examining data/gnunet-0.13.1/src/datacache/plugin_datacache_postgres.c
Examining data/gnunet-0.13.1/src/datacache/plugin_datacache_sqlite.c
Examining data/gnunet-0.13.1/src/datacache/perf_datacache.c
Examining data/gnunet-0.13.1/src/hello/hello-ng.c
Examining data/gnunet-0.13.1/src/hello/test_friend_hello.c
Examining data/gnunet-0.13.1/src/hello/test_hello.c
Examining data/gnunet-0.13.1/src/hello/hello.c
Examining data/gnunet-0.13.1/src/hello/address.c
Examining data/gnunet-0.13.1/src/hello/gnunet-hello.c
Examining data/gnunet-0.13.1/src/my/my_query_helper.c
Examining data/gnunet-0.13.1/src/my/test_my.c
Examining data/gnunet-0.13.1/src/my/my.c
Examining data/gnunet-0.13.1/src/my/my_result_helper.c
Examining data/gnunet-0.13.1/src/transport/transport_api_address_to_string.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_hello.c
Examining data/gnunet-0.13.1/src/transport/transport-testing-send.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_udp.c
Examining data/gnunet-0.13.1/src/transport/transport_api2_monitor.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_neighbours.h
Examining data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-tng.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_limited_sockets.c
Examining data/gnunet-0.13.1/src/transport/transport-testing-loggers.c
Examining data/gnunet-0.13.1/src/transport/transport-testing2.h
Examining data/gnunet-0.13.1/src/transport/plugin_transport_template.c
Examining data/gnunet-0.13.1/src/transport/transport_api_manipulation.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_manipulation_cfg.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_reliability.c
Examining data/gnunet-0.13.1/src/transport/test_http_common.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_validation.c
Examining data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_plugins.h
Examining data/gnunet-0.13.1/src/transport/test_transport_api_restart_reconnect.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_timeout.c
Examining data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-sender.c
Examining data/gnunet-0.13.1/src/transport/transport-testing-filenames.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_http_common.h
Examining data/gnunet-0.13.1/src/transport/test_transport_blacklisting.c
Examining data/gnunet-0.13.1/src/transport/gnunet-transport.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_hello.h
Examining data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport.h
Examining data/gnunet-0.13.1/src/transport/test_plugin_transport.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_unix.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_ats.c
Examining data/gnunet-0.13.1/src/transport/test_transport_testing_restart.c
Examining data/gnunet-0.13.1/src/transport/test_transport_address_switch.c
Examining data/gnunet-0.13.1/src/transport/transport.h
Examining data/gnunet-0.13.1/src/transport/transport_api_monitor_peers.c
Examining data/gnunet-0.13.1/src/transport/transport_api_hello_get.c
Examining data/gnunet-0.13.1/src/transport/transport_api2_communication.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_manipulation_send_tcp.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_udp.h
Examining data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_ats.h
Examining data/gnunet-0.13.1/src/transport/transport_api_core.c
Examining data/gnunet-0.13.1/src/transport/gnunet-transport-profiler.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_blacklisting.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c
Examining data/gnunet-0.13.1/src/transport/test_transport_testing_startstop.c
Examining data/gnunet-0.13.1/src/transport/transport_api_monitor_plugins.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_disconnect.c
Examining data/gnunet-0.13.1/src/transport/test_quota_compliance.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_http_client.c
Examining data/gnunet-0.13.1/src/transport/gnunet-communicator-unix.c
Examining data/gnunet-0.13.1/src/transport/transport-testing.h
Examining data/gnunet-0.13.1/src/transport/transport_api2_core.c
Examining data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_manipulation_recv_tcp.c
Examining data/gnunet-0.13.1/src/transport/transport_api_blacklist.c
Examining data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c
Examining data/gnunet-0.13.1/src/transport/transport-testing.c
Examining data/gnunet-0.13.1/src/transport/transport_api_offer_hello.c
Examining data/gnunet-0.13.1/src/transport/transport-testing2.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_manipulation.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_validation.h
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_manipulation.h
Examining data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c
Examining data/gnunet-0.13.1/src/transport/transport-testing-main.c
Examining data/gnunet-0.13.1/src/transport/tcp_connection_legacy.c
Examining data/gnunet-0.13.1/src/transport/test_transport_api_monitor_peers.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_wlan.h
Examining data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-receiver.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_plugins.c
Examining data/gnunet-0.13.1/src/transport/plugin_transport_udp_broadcasting.c
Examining data/gnunet-0.13.1/src/transport/tcp_server_mst_legacy.c
Examining data/gnunet-0.13.1/src/transport/tcp_service_legacy.c
Examining data/gnunet-0.13.1/src/transport/test_communicator_basic.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport_neighbours.c
Examining data/gnunet-0.13.1/src/transport/tcp_server_legacy.c
Examining data/gnunet-0.13.1/src/transport/gnunet-service-transport.c
Examining data/gnunet-0.13.1/src/transport/transport_api2_application.c
Examining data/gnunet-0.13.1/src/scalarproduct/gnunet-service-scalarproduct_bob.c
Examining data/gnunet-0.13.1/src/scalarproduct/gnunet-service-scalarproduct-ecc_bob.c
Examining data/gnunet-0.13.1/src/scalarproduct/gnunet-service-scalarproduct_alice.c
Examining data/gnunet-0.13.1/src/scalarproduct/gnunet-service-scalarproduct-ecc_alice.c
Examining data/gnunet-0.13.1/src/scalarproduct/scalarproduct.h
Examining data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c
Examining data/gnunet-0.13.1/src/scalarproduct/gnunet-service-scalarproduct.h
Examining data/gnunet-0.13.1/src/scalarproduct/gnunet-service-scalarproduct-ecc.h
Examining data/gnunet-0.13.1/src/scalarproduct/test_ecc_scalarproduct.c
Examining data/gnunet-0.13.1/src/scalarproduct/scalarproduct_api.c
Examining data/gnunet-0.13.1/src/reclaim/plugin_gnsrecord_reclaim.c
Examining data/gnunet-0.13.1/src/reclaim/reclaim_attribute.h
Examining data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c
Examining data/gnunet-0.13.1/src/reclaim/reclaim.h
Examining data/gnunet-0.13.1/src/reclaim/oidc_helper.h
Examining data/gnunet-0.13.1/src/reclaim/reclaim_api.c
Examining data/gnunet-0.13.1/src/reclaim/reclaim_attestation.c
Examining data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attribute_basic.c
Examining data/gnunet-0.13.1/src/reclaim/gnunet-service-reclaim_tickets.c
Examining data/gnunet-0.13.1/src/reclaim/gnunet-reclaim.c
Examining data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attestation_jwt.c
Examining data/gnunet-0.13.1/src/reclaim/json_reclaim.c
Examining data/gnunet-0.13.1/src/reclaim/reclaim_attribute.c
Examining data/gnunet-0.13.1/src/reclaim/json_reclaim.h
Examining data/gnunet-0.13.1/src/reclaim/gnunet-service-reclaim.c
Examining data/gnunet-0.13.1/src/reclaim/gnunet-service-reclaim_tickets.h
Examining data/gnunet-0.13.1/src/reclaim/oidc_helper.c
Examining data/gnunet-0.13.1/src/reclaim/reclaim_attestation.h
Examining data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c
Examining data/gnunet-0.13.1/src/testbed-logger/gnunet-service-testbed-logger.c
Examining data/gnunet-0.13.1/src/testbed-logger/test_testbed_logger_api.c
Examining data/gnunet-0.13.1/src/testbed-logger/testbed_logger_api.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_public.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_private.c
Examining data/gnunet-0.13.1/src/namestore/gnunet-service-namestore.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_remove_not_existing_record.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_nick.c
Examining data/gnunet-0.13.1/src/namestore/gnunet-namestore.c
Examining data/gnunet-0.13.1/src/namestore/namestore.h
Examining data/gnunet-0.13.1/src/namestore/plugin_namestore_sqlite.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_monitoring_existing.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_nick.c
Examining data/gnunet-0.13.1/src/namestore/test_common.c
Examining data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c
Examining data/gnunet-0.13.1/src/namestore/test_plugin_namestore.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_store_update.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_shadow.c
Examining data/gnunet-0.13.1/src/namestore/namestore_api_monitor.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_specific_zone.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_to_name.c
Examining data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c
Examining data/gnunet-0.13.1/src/namestore/plugin_namestore_postgres.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_stop.c
Examining data/gnunet-0.13.1/src/namestore/plugin_namestore_flat.c
Examining data/gnunet-0.13.1/src/namestore/perf_namestore_api_zone_iteration.c
Examining data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_store.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_remove.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_monitoring.c
Examining data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_shadow_filter.c
Examining data/gnunet-0.13.1/src/namestore/namestore_api.c
Examining data/gnunet-0.13.1/src/abe/test_cpabe.c
Examining data/gnunet-0.13.1/src/abe/abe.c
Examining data/gnunet-0.13.1/src/fs/gnunet-unindex.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.c
Examining data/gnunet-0.13.1/src/fs/fs_publish_ksk.c
Examining data/gnunet-0.13.1/src/fs/fs_unindex.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_cp.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_cadet_server.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_push.h
Examining data/gnunet-0.13.1/src/fs/test_fs_file_information.c
Examining data/gnunet-0.13.1/src/fs/fs_sharetree.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_cadet.h
Examining data/gnunet-0.13.1/src/fs/fs_api.h
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_pe.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_put.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_cadet_client.c
Examining data/gnunet-0.13.1/src/fs/gnunet-fs-profiler.c
Examining data/gnunet-0.13.1/src/fs/test_fs_search_with_and.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_cp.h
Examining data/gnunet-0.13.1/src/fs/gnunet-helper-fs-publish.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_put.h
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.h
Examining data/gnunet-0.13.1/src/fs/gnunet-publish.c
Examining data/gnunet-0.13.1/src/fs/test_fs_namespace.c
Examining data/gnunet-0.13.1/src/fs/fs_list_indexed.c
Examining data/gnunet-0.13.1/src/fs/perf_gnunet_service_fs_p2p_respect.c
Examining data/gnunet-0.13.1/src/fs/test_fs_list_indexed.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_pr.h
Examining data/gnunet-0.13.1/src/fs/fs_dirmetascan.c
Examining data/gnunet-0.13.1/src/fs/test_fs_test_lib.c
Examining data/gnunet-0.13.1/src/fs/fs_directory.c
Examining data/gnunet-0.13.1/src/fs/fs_download.c
Examining data/gnunet-0.13.1/src/fs/test_fs_unindex.c
Examining data/gnunet-0.13.1/src/fs/fs_getopt.c
Examining data/gnunet-0.13.1/src/fs/gnunet-download.c
Examining data/gnunet-0.13.1/src/fs/fs_uri.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_pe.h
Examining data/gnunet-0.13.1/src/fs/test_fs_getopt.c
Examining data/gnunet-0.13.1/src/fs/gnunet-daemon-fsprofiler.c
Examining data/gnunet-0.13.1/src/fs/test_fs_publish.c
Examining data/gnunet-0.13.1/src/fs/test_fs_search.c
Examining data/gnunet-0.13.1/src/fs/test_fs_download_persistence.c
Examining data/gnunet-0.13.1/src/fs/test_fs_download.c
Examining data/gnunet-0.13.1/src/fs/fs_api.c
Examining data/gnunet-0.13.1/src/fs/plugin_block_fs.c
Examining data/gnunet-0.13.1/src/fs/gnunet-fs.c
Examining data/gnunet-0.13.1/src/fs/test_fs_search_probes.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs.h
Examining data/gnunet-0.13.1/src/fs/test_fs_namespace_list_updateable.c
Examining data/gnunet-0.13.1/src/fs/fs_misc.c
Examining data/gnunet-0.13.1/src/fs/fs_publish_ublock.c
Examining data/gnunet-0.13.1/src/fs/test_fs_uri.c
Examining data/gnunet-0.13.1/src/fs/fs_file_information.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_pr.c
Examining data/gnunet-0.13.1/src/fs/fs_publish_ublock.h
Examining data/gnunet-0.13.1/src/fs/gnunet-search.c
Examining data/gnunet-0.13.1/src/fs/test_fs_start_stop.c
Examining data/gnunet-0.13.1/src/fs/fs_test_lib.c
Examining data/gnunet-0.13.1/src/fs/gnunet-auto-share.c
Examining data/gnunet-0.13.1/src/fs/fs_tree.h
Examining data/gnunet-0.13.1/src/fs/fs_search.c
Examining data/gnunet-0.13.1/src/fs/perf_gnunet_service_fs_p2p.c
Examining data/gnunet-0.13.1/src/fs/gnunet-service-fs_push.c
Examining data/gnunet-0.13.1/src/fs/fs_tree.c
Examining data/gnunet-0.13.1/src/fs/test_fs_directory.c
Examining data/gnunet-0.13.1/src/fs/test_fs_unindex_persistence.c
Examining data/gnunet-0.13.1/src/fs/test_fs_search_persistence.c
Examining data/gnunet-0.13.1/src/fs/fs_namespace.c
Examining data/gnunet-0.13.1/src/fs/test_gnunet_service_fs_migration.c
Examining data/gnunet-0.13.1/src/fs/fs.h
Examining data/gnunet-0.13.1/src/fs/fs_test_lib.h
Examining data/gnunet-0.13.1/src/fs/test_plugin_block_fs.c
Examining data/gnunet-0.13.1/src/fs/test_fs_publish_persistence.c
Examining data/gnunet-0.13.1/src/fs/fs_publish.c
Examining data/gnunet-0.13.1/src/fs/test_gnunet_service_fs_p2p.c
Examining data/gnunet-0.13.1/src/fs/gnunet-directory.c
Examining data/gnunet-0.13.1/src/testing/testing.c
Examining data/gnunet-0.13.1/src/testing/test_testing_sharedservices.c
Examining data/gnunet-0.13.1/src/testing/list-keys.c
Examining data/gnunet-0.13.1/src/testing/test_testing_peerstartup.c
Examining data/gnunet-0.13.1/src/testing/gnunet-testing.c
Examining data/gnunet-0.13.1/src/testing/test_testing_servicestartup.c
Examining data/gnunet-0.13.1/src/testing/test_testing_portreservation.c
Examining data/gnunet-0.13.1/src/testing/test_testing_peerstartup2.c
Examining data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c
Examining data/gnunet-0.13.1/src/abd/abd_serialization.h
Examining data/gnunet-0.13.1/src/abd/abd_serialization.c
Examining data/gnunet-0.13.1/src/abd/gnunet-service-abd.c
Examining data/gnunet-0.13.1/src/abd/abd_api.c
Examining data/gnunet-0.13.1/src/abd/gnunet-abd.c
Examining data/gnunet-0.13.1/src/abd/abd.h
Examining data/gnunet-0.13.1/src/abd/delegate_misc.h
Examining data/gnunet-0.13.1/src/abd/delegate_misc.c
Examining data/gnunet-0.13.1/src/rest/gnunet-rest-server.c
Examining data/gnunet-0.13.1/src/rest/plugin_rest_copying.c
Examining data/gnunet-0.13.1/src/rest/rest.c
Examining data/gnunet-0.13.1/src/rest/plugin_rest_config.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_addresses.c
Examining data/gnunet-0.13.1/src/ats/plugin_ats_proportional.c
Examining data/gnunet-0.13.1/src/ats/test_ats_api.c
Examining data/gnunet-0.13.1/src/ats/ats_api_connectivity.c
Examining data/gnunet-0.13.1/src/ats/test_ats_lib.h
Examining data/gnunet-0.13.1/src/ats/ats.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_performance.c
Examining data/gnunet-0.13.1/src/ats/ats_api_scanner.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_plugins.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_scheduling.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_scheduling.h
Examining data/gnunet-0.13.1/src/ats/test_ats_reservation_api.c
Examining data/gnunet-0.13.1/src/ats/test_ats_lib.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_connectivity.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_addresses.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_connectivity.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_reservations.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_preferences.c
Examining data/gnunet-0.13.1/src/ats/ats_api_performance.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_normalization.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_preferences.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_plugins.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_reservations.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats.h
Examining data/gnunet-0.13.1/src/ats/ats_api_scheduling.c
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_performance.h
Examining data/gnunet-0.13.1/src/ats/gnunet-service-ats_normalization.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_neighbours.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_neighbours.h
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_routing.h
Examining data/gnunet-0.13.1/src/dht/dht_test_lib.h
Examining data/gnunet-0.13.1/src/dht/gnunet-dht-get.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_datacache.c
Examining data/gnunet-0.13.1/src/dht/test_dht_topo.c
Examining data/gnunet-0.13.1/src/dht/test_dht_monitor.c
Examining data/gnunet-0.13.1/src/dht/gnunet-dht-monitor.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_hello.c
Examining data/gnunet-0.13.1/src/dht/gnunet-dht-put.c
Examining data/gnunet-0.13.1/src/dht/dht_test_lib.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_clients.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_nse.c
Examining data/gnunet-0.13.1/src/dht/plugin_block_dht.c
Examining data/gnunet-0.13.1/src/dht/test_dht_api.c
Examining data/gnunet-0.13.1/src/dht/dht_api.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht.h
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_nse.h
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_routing.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht.c
Examining data/gnunet-0.13.1/src/dht/gnunet_dht_profiler.c
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_datacache.h
Examining data/gnunet-0.13.1/src/dht/gnunet-service-dht_hello.h
Examining data/gnunet-0.13.1/src/dht/dht.h
Examining data/gnunet-0.13.1/src/set/gnunet-service-set.h
Examining data/gnunet-0.13.1/src/set/ibf.h
Examining data/gnunet-0.13.1/src/set/gnunet-set-ibf-profiler.c
Examining data/gnunet-0.13.1/src/set/set_api.c
Examining data/gnunet-0.13.1/src/set/gnunet-service-set_protocol.h
Examining data/gnunet-0.13.1/src/set/gnunet-service-set_intersection.c
Examining data/gnunet-0.13.1/src/set/gnunet-service-set_union.c
Examining data/gnunet-0.13.1/src/set/ibf.c
Examining data/gnunet-0.13.1/src/set/gnunet-service-set_intersection.h
Examining data/gnunet-0.13.1/src/set/gnunet-service-set_union.h
Examining data/gnunet-0.13.1/src/set/gnunet-service-set.c
Examining data/gnunet-0.13.1/src/set/test_set_union_copy.c
Examining data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c
Examining data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c
Examining data/gnunet-0.13.1/src/set/test_set_api.c
Examining data/gnunet-0.13.1/src/set/set.h
Examining data/gnunet-0.13.1/src/set/gnunet-set-profiler.c
Examining data/gnunet-0.13.1/src/set/gnunet-service-set_union_strata_estimator.h
Examining data/gnunet-0.13.1/src/set/plugin_block_set_test.c
Examining data/gnunet-0.13.1/src/set/gnunet-service-set_union_strata_estimator.c
Examining data/gnunet-0.13.1/src/curl/curl.c
Examining data/gnunet-0.13.1/src/curl/curl_reschedule.c
Examining data/gnunet-0.13.1/src/consensus/test_consensus_api.c
Examining data/gnunet-0.13.1/src/consensus/consensus.h
Examining data/gnunet-0.13.1/src/consensus/gnunet-consensus-profiler.c
Examining data/gnunet-0.13.1/src/consensus/consensus_protocol.h
Examining data/gnunet-0.13.1/src/consensus/gnunet-service-consensus.c
Examining data/gnunet-0.13.1/src/consensus/plugin_block_consensus.c
Examining data/gnunet-0.13.1/src/consensus/consensus_api.c
Examining data/gnunet-0.13.1/src/rps/test_service_rps_view.c
Examining data/gnunet-0.13.1/src/rps/test_rps.c
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps.c
Examining data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_view.h
Examining data/gnunet-0.13.1/src/rps/rps.h
Examining data/gnunet-0.13.1/src/rps/rps_api.c
Examining data/gnunet-0.13.1/src/rps/rps-test_util.c
Examining data/gnunet-0.13.1/src/rps/gnunet-rps.c
Examining data/gnunet-0.13.1/src/rps/rps-sampler_common.h
Examining data/gnunet-0.13.1/src/rps/rps-test_util.h
Examining data/gnunet-0.13.1/src/rps/rps-sampler_client.h
Examining data/gnunet-0.13.1/src/rps/rps-sampler_client.c
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_view.c
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_custommap.c
Examining data/gnunet-0.13.1/src/rps/test_service_rps_sampler_elem.c
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_sampler_elem.h
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_custommap.h
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_sampler.h
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_sampler.c
Examining data/gnunet-0.13.1/src/rps/rps-sampler_common.c
Examining data/gnunet-0.13.1/src/rps/gnunet-service-rps_sampler_elem.c
Examining data/gnunet-0.13.1/src/rps/test_service_rps_custommap.c
Examining data/gnunet-0.13.1/src/secretsharing/test_secretsharing_api.c
Examining data/gnunet-0.13.1/src/secretsharing/gnunet-service-secretsharing.c
Examining data/gnunet-0.13.1/src/secretsharing/secretsharing.h
Examining data/gnunet-0.13.1/src/secretsharing/gnunet-secretsharing-profiler.c
Examining data/gnunet-0.13.1/src/secretsharing/secretsharing_protocol.h
Examining data/gnunet-0.13.1/src/secretsharing/secretsharing_api.c
Examining data/gnunet-0.13.1/src/secretsharing/secretsharing_common.c
Examining data/gnunet-0.13.1/src/revocation/revocation_api.c
Examining data/gnunet-0.13.1/src/revocation/revocation.h
Examining data/gnunet-0.13.1/src/revocation/plugin_block_revocation.c
Examining data/gnunet-0.13.1/src/revocation/gnunet-revocation.c
Examining data/gnunet-0.13.1/src/revocation/gnunet-service-revocation.c
Examining data/gnunet-0.13.1/src/revocation/test_revocation.c
Examining data/gnunet-0.13.1/src/revocation/gnunet-revocation-tvg.c
Examining data/gnunet-0.13.1/src/namecache/test_namecache_api_cache_block.c
Examining data/gnunet-0.13.1/src/namecache/test_plugin_namecache.c
Examining data/gnunet-0.13.1/src/namecache/namecache.h
Examining data/gnunet-0.13.1/src/namecache/gnunet-service-namecache.c
Examining data/gnunet-0.13.1/src/namecache/plugin_namecache_flat.c
Examining data/gnunet-0.13.1/src/namecache/plugin_namecache_postgres.c
Examining data/gnunet-0.13.1/src/namecache/gnunet-namecache.c
Examining data/gnunet-0.13.1/src/namecache/namecache_api.c
Examining data/gnunet-0.13.1/src/namecache/plugin_namecache_sqlite.c
Examining data/gnunet-0.13.1/gnunet_config.h
FINAL RESULTS:
data/gnunet-0.13.1/src/util/disk.c:392:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (0 != chmod (fn, mode))
data/gnunet-0.13.1/src/util/disk.c:1039:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
(void) chmod (filename, S_IWUSR | S_IRUSR | S_IXUSR);
data/gnunet-0.13.1/src/util/disk.c:1181:12: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (0 != chown (filename, pws->pw_uid, pws->pw_gid))
data/gnunet-0.13.1/src/util/os_installation.c:187:10: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
size = readlink (fn, lnk, sizeof(lnk) - 1);
data/gnunet-0.13.1/contrib/test_gnunet_prefix.c:47:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (tmp, "%s%s", basename, dirname);
data/gnunet-0.13.1/contrib/test_gnunet_prefix.c:48:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 != access (tmp, R_OK))
data/gnunet-0.13.1/src/abd/delegate_misc.c:98:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (6 != sscanf (s,
data/gnunet-0.13.1/src/abd/delegate_misc.c:108:14: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (5 != sscanf (s,
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1144:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (issuer_attribute_name, ds_entry->unresolved_attribute_delegation);
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1280:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (issuer_attribute_name, vrh->issuer_attribute);
data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c:177:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
matches = sscanf (token, "%s %s", subject_pkey, attr_str);
data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c:207:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
matches = sscanf (token, "%s %s", subject_pkey, attr_str);
data/gnunet-0.13.1/src/arm/gnunet-arm.c:389:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout, msg, req_string (rs));
data/gnunet-0.13.1/src/arm/gnunet-arm.c:492:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout,
data/gnunet-0.13.1/src/arm/gnunet-arm.c:550:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout,
data/gnunet-0.13.1/src/arm/gnunet-arm.c:879:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/gnunet-0.13.1/src/ats/gnunet-service-ats_addresses.c:598:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (&addrp[plugin_addr_len],
data/gnunet-0.13.1/src/ats/gnunet-service-ats_performance.c:109:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (&addrp[plugin_addr_len], plugin_name);
data/gnunet-0.13.1/src/cadet/gnunet-cadet.c:546:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout,
data/gnunet-0.13.1/src/datastore/perf_datastore_api.c:416:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (
data/gnunet-0.13.1/src/dht/gnunet-dht-get.c:157:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout,
data/gnunet-0.13.1/src/dht/gnunet-dht-monitor.c:178:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout,
data/gnunet-0.13.1/src/dht/gnunet-dht-monitor.c:220:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout,
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:224:12: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void) execv (file, cmd);
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:296:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dev, ifr.ifr_name);
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:775:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (IPTABLES, X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:779:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/iptables", X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:781:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/iptables", X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:791:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (IP6TABLES, X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:795:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/ip6tables", X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:797:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/ip6tables", X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:807:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (PATH_TO_IP, X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:811:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/ip", X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:813:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/ip", X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:815:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/bin/ip", X_OK)) /* gentoo has it there */
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:825:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (SYSCTL, X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:829:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/sysctl", X_OK))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:831:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/sysctl", X_OK))
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:162:12: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void) execv (file, cmd);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:236:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dev, ifr.ifr_name);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:717:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (IPTABLES, X_OK))
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:721:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/iptables", X_OK))
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:723:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/iptables", X_OK))
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:733:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (SYSCTL, X_OK))
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:737:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/sysctl", X_OK))
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:739:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/sysctl", X_OK))
data/gnunet-0.13.1/src/fs/fs_getopt.c:109:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (val, value);
data/gnunet-0.13.1/src/fs/fs_uri.c:190:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ret, keyword);
data/gnunet-0.13.1/src/fs/fs_uri.c:192:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ret, &keyword[1]);
data/gnunet-0.13.1/src/fs/fs_uri.c:198:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ret, keyword);
data/gnunet-0.13.1/src/fs/fs_uri.c:200:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ret, &keyword[1]);
data/gnunet-0.13.1/src/fs/fs_uri.c:262:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ret, out);
data/gnunet-0.13.1/src/fs/fs_uri.c:1887:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ret, GNUNET_FS_URI_PREFIX);
data/gnunet-0.13.1/src/fs/fs_uri.c:1888:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (ret, GNUNET_FS_URI_KSK_INFIX);
data/gnunet-0.13.1/src/fs/gnunet-publish.c:726:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 != access (args0, R_OK))
data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.c:313:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((NULL == fn) || (0 != access (fn, R_OK)))
data/gnunet-0.13.1/src/gns/gns_tld_api.c:132:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (name, GNUNET_GNS_EMPTY_LABEL_AT);
data/gnunet-0.13.1/src/gns/gns_tld_api.c:210:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ltr->name, GNUNET_GNS_EMPTY_LABEL_AT);
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:226:11: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system (p);
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1199:23: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
offset += sprintf (new_cookie_hdr + offset,
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1208:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
offset += sprintf (new_cookie_hdr + offset,
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1217:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
offset += sprintf (new_cookie_hdr + offset,
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1885:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (ac->authority_info.dns_authority.name,
data/gnunet-0.13.1/src/gns/nss/nss_gns.c:147:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buffer + idx,
data/gnunet-0.13.1/src/gns/nss/nss_gns_query.c:93:12: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void) execvp ("gnunet-gns", argv);
data/gnunet-0.13.1/src/gns/nss/nss_gns_query.c:153:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("gnunet-arm -s");
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:253:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ((char *) &vpn[1], s_serv);
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:656:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (4 != sscanf (s, "%u %u %u %s", &usage, &selector, &matching_type,
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:690:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (3 != sscanf (s, "%u %s %[^\n]", &flags, tag, value))
data/gnunet-0.13.1/src/include/gauger.h:38:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp ("gauger", __gauger_v); \
data/gnunet-0.13.1/src/include/gauger.h:70:9: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp ("gauger", __gauger_v); \
data/gnunet-0.13.1/src/include/gnunet_common.h:452:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)));
data/gnunet-0.13.1/src/include/gnunet_disk_lib.h:729:48: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum GNUNET_DISK_MapType access,
data/gnunet-0.13.1/src/include/gnunet_testing_lib.h:176:62: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/include/gnunet_testing_lib.h:198:65: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/include/gnunet_testing_lib.h:210:60: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_reserve_port (struct GNUNET_TESTING_System *system);
data/gnunet-0.13.1/src/include/gnunet_testing_lib.h:221:60: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_release_port (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/include/gnunet_testing_lib.h:243:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_configuration_create (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/include/gnunet_testing_lib.h:263:62: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_peer_configure (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/mysql/mysql.c:192:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((0 != stat (cnffile, &st)) || (0 != access (cnffile, R_OK)) ||
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:379:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (zr->zoneinfo + zr->write_offset,
data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.c:451:12: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (1 != sscanf (line,
data/gnunet-0.13.1/src/pt/test_gns_vpn.c:491:12: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(void) execv (file, cmd);
data/gnunet-0.13.1/src/pt/test_gns_vpn.c:798:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 != access ("/dev/net/tun", R_OK))
data/gnunet-0.13.1/src/pt/test_gnunet_vpn.c:425:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 != access ("/dev/net/tun", R_OK))
data/gnunet-0.13.1/src/regex/regex_test_lib.c:619:20: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
len = (size_t) sscanf (&buffer[offset], "%s", regex);
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:388:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp_url, url);
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:494:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (subsys_name, "%s---%s", subsystem, name);
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c:764:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL != GST_context->system)
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c:765:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (GST_context->system,
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.h:260:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_cpustatus.c:148:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
unsigned long long user, system, nice, idle, iowait;
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.c:254:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (namebuf, head);
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_peers.c:500:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_peer_configure (GST_context->system,
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_peers.c:917:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
= GNUNET_TESTING_peer_configure (GST_context->system,
data/gnunet-0.13.1/src/testbed/testbed_api.c:2013:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void) strcpy ((char *) &msg[1], trusted_ip);
data/gnunet-0.13.1/src/testing/gnunet-testing.c:89:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/gnunet-testing.c:140:59: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (GNUNET_OK != GNUNET_TESTING_configuration_create (system, cfg_new))
data/gnunet-0.13.1/src/testing/gnunet-testing.c:165:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_NO);
data/gnunet-0.13.1/src/testing/gnunet-testing.c:175:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/gnunet-testing.c:181:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
pk = GNUNET_TESTING_hostkey_get (system, create_no, &id);
data/gnunet-0.13.1/src/testing/gnunet-testing.c:187:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/gnunet-testing.c:206:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/test_testing_peerstartup.c:48:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/test_testing_peerstartup.c:80:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL != test_ctx->system)
data/gnunet-0.13.1/src/testing/test_testing_peerstartup.c:81:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (test_ctx->system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/test_testing_peerstartup.c:102:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL == test_ctx->system)
data/gnunet-0.13.1/src/testing/test_testing_peerstartup.c:106:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_peer_configure (test_ctx->system,
data/gnunet-0.13.1/src/testing/test_testing_peerstartup2.c:60:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/test_testing_peerstartup2.c:95:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL != test_ctx->system)
data/gnunet-0.13.1/src/testing/test_testing_peerstartup2.c:96:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (test_ctx->system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/test_testing_peerstartup2.c:172:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL == test_ctx->system)
data/gnunet-0.13.1/src/testing/test_testing_peerstartup2.c:176:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_peer_configure (test_ctx->system,
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:47:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:54:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_assert (NULL != system);
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:55:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
new_port1 = GNUNET_TESTING_reserve_port (system);
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:60:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
new_port2 = GNUNET_TESTING_reserve_port (system);
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:66:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_release_port (system, new_port1);
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:69:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
new_port1 = GNUNET_TESTING_reserve_port (system);
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:74:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_release_port (system, new_port1);
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:75:32: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_release_port (system, new_port2);
data/gnunet-0.13.1/src/testing/test_testing_portreservation.c:79:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/test_testing_sharedservices.c:49:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/test_testing_sharedservices.c:86:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL != test_ctx->system)
data/gnunet-0.13.1/src/testing/test_testing_sharedservices.c:87:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (test_ctx->system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/test_testing_sharedservices.c:114:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL == test_ctx->system)
data/gnunet-0.13.1/src/testing/test_testing_sharedservices.c:119:53: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
peer = GNUNET_TESTING_peer_configure (test_ctx->system,
data/gnunet-0.13.1/src/testing/testing.c:175:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/testing.c:252:46: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
hostkeys_load (struct GNUNET_TESTING_System *system)
data/gnunet-0.13.1/src/testing/testing.c:315:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
hostkeys_unload (struct GNUNET_TESTING_System *system)
data/gnunet-0.13.1/src/testing/testing.c:376:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/testing.c:391:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_free (system);
data/gnunet-0.13.1/src/testing/testing.c:398:35: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (GNUNET_OK != hostkeys_load (system))
data/gnunet-0.13.1/src/testing/testing.c:400:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/testing.c:404:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system;
data/gnunet-0.13.1/src/testing/testing.c:428:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system;
data/gnunet-0.13.1/src/testing/testing.c:534:62: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/testing/testing.c:543:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
hostkeys_unload (system);
data/gnunet-0.13.1/src/testing/testing.c:565:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_free (system);
data/gnunet-0.13.1/src/testing/testing.c:576:60: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_reserve_port (struct GNUNET_TESTING_System *system)
data/gnunet-0.13.1/src/testing/testing.c:672:60: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_release_port (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/testing/testing.c:710:65: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_hostkey_get (const struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/testing/testing.c:744:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/testing.c:814:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
new_port = GNUNET_TESTING_reserve_port (uc->system);
data/gnunet-0.13.1/src/testing/testing.c:989:57: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
associate_shared_service (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/testing/testing.c:1011:41: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
port = GNUNET_TESTING_reserve_port (system);
data/gnunet-0.13.1/src/testing/testing.c:1082:69: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_configuration_create_ (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/testing/testing.c:1090:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
uc.system = system;
data/gnunet-0.13.1/src/testing/testing.c:1145:68: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_configuration_create (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/testing/testing.c:1148:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return GNUNET_TESTING_configuration_create_ (system, cfg, NULL, NULL);
data/gnunet-0.13.1/src/testing/testing.c:1166:62: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_peer_configure (struct GNUNET_TESTING_System *system,
data/gnunet-0.13.1/src/testing/testing.c:1201:50: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(NULL == (pk = GNUNET_TESTING_hostkey_get (system, key_number, id))))
data/gnunet-0.13.1/src/testing/testing.c:1224:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_configuration_create_ (system, cfg, &ports, &nports))
data/gnunet-0.13.1/src/testing/testing.c:1269:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ss_instances[cnt] = associate_shared_service (system, ss, cfg);
data/gnunet-0.13.1/src/testing/testing.c:1311:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
peer->system = system;
data/gnunet-0.13.1/src/testing/testing.c:1347:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_hostkey_get (peer->system, peer->key_number, peer->id));
data/gnunet-0.13.1/src/testing/testing.c:1574:42: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_release_port (peer->system, peer->ports[cnt]);
data/gnunet-0.13.1/src/testing/testing.c:1677:33: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
struct GNUNET_TESTING_System *system;
data/gnunet-0.13.1/src/testing/testing.c:1685:15: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL == system)
data/gnunet-0.13.1/src/testing/testing.c:1694:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/testing.c:1697:41: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
peer = GNUNET_TESTING_peer_configure (system, cfg, 0, NULL, NULL);
data/gnunet-0.13.1/src/testing/testing.c:1701:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
hostkeys_unload (system);
data/gnunet-0.13.1/src/testing/testing.c:1702:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/testing.c:1728:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/testing.c:1741:36: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/testing/testing.c:1746:34: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
GNUNET_TESTING_system_destroy (system, GNUNET_YES);
data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-receiver.c:104:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execlp ("gnunet-helper-transport-wlan",
data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-sender.c:241:9: [4] (shell) execlp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (execlp ("gnunet-helper-transport-wlan",
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:2071:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (text,
data/gnunet-0.13.1/src/transport/plugin_transport_udp_broadcasting.c:460:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (name, R_OK))
data/gnunet-0.13.1/src/transport/plugin_transport_udp_broadcasting.c:515:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (name, R_OK))
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1015:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 != access (rdir, F_OK))
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1023:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 != access (rdir, W_OK | X_OK))
data/gnunet-0.13.1/src/util/buffer.c:237:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf (NULL, 0, fmt, args2);
data/gnunet-0.13.1/src/util/buffer.c:244:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf (buf->mem + buf->position, res + 1, fmt, args2);
data/gnunet-0.13.1/src/util/client.c:920:16: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (unixpath,
data/gnunet-0.13.1/src/util/common_allocation.c:481:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf (NULL, 0, format, args);
data/gnunet-0.13.1/src/util/common_allocation.c:486:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
ret = vsprintf (*buf, format, args);
data/gnunet-0.13.1/src/util/common_allocation.c:508:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
ret = vsnprintf (buf, size, format, args);
data/gnunet-0.13.1/src/util/common_logging.c:362:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (last_fn, fn);
data/gnunet-0.13.1/src/util/common_logging.c:975:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
size = vsnprintf (NULL, 0, message, vacp) + 1;
data/gnunet-0.13.1/src/util/common_logging.c:1019:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (0 > snprintf (date, sizeof(date), date2, timeofday.tv_usec))
data/gnunet-0.13.1/src/util/common_logging.c:1023:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buf, size, message, va);
data/gnunet-0.13.1/src/util/common_logging.c:1367:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (buf, ret);
data/gnunet-0.13.1/src/util/common_logging.c:1410:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, b2);
data/gnunet-0.13.1/src/util/common_logging.c:1423:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, b2);
data/gnunet-0.13.1/src/util/configuration.c:559:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (val, ent->val);
data/gnunet-0.13.1/src/util/configuration.c:1384:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result, prefix);
data/gnunet-0.13.1/src/util/configuration.c:1385:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (result, post);
data/gnunet-0.13.1/src/util/configuration.c:1665:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (nw, old);
data/gnunet-0.13.1/src/util/configuration.c:1668:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (nw, escaped);
data/gnunet-0.13.1/src/util/disk.c:175:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((S_ISDIR (buf.st_mode)) && (0 == access (fn, X_OK)) &&
data/gnunet-0.13.1/src/util/disk.c:449:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
while (0 == access (target, F_OK));
data/gnunet-0.13.1/src/util/disk.c:523:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ret = access (fil, R_OK | X_OK);
data/gnunet-0.13.1/src/util/disk.c:525:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ret = access (fil, X_OK);
data/gnunet-0.13.1/src/util/disk.c:571:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access (rdir, F_OK) < 0)
data/gnunet-0.13.1/src/util/disk.c:697:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (rdir, W_OK))
data/gnunet-0.13.1/src/util/disk.c:714:35: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((GNUNET_OK == ret) && (0 != access (rdir, W_OK)))
data/gnunet-0.13.1/src/util/disk.c:1377:48: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
enum GNUNET_DISK_MapType access,
data/gnunet-0.13.1/src/util/disk.c:1389:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & GNUNET_DISK_MAP_TYPE_READ)
data/gnunet-0.13.1/src/util/disk.c:1391:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access & GNUNET_DISK_MAP_TYPE_WRITE)
data/gnunet-0.13.1/src/util/gnunet-qr.c:34:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (fmt, ## __VA_ARGS__)
data/gnunet-0.13.1/src/util/gnunet-timeout.c:103:5: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp (argv[2], &argv[2]);
data/gnunet-0.13.1/src/util/network.c:187:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (unixpath, (char *) ae.encoding);
data/gnunet-0.13.1/src/util/os_installation.c:329:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s/%s", pos, binary);
data/gnunet-0.13.1/src/util/os_installation.c:339:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "%s/%s", pos, binary);
data/gnunet-0.13.1/src/util/os_installation.c:796:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 != access (p, X_OK))
data/gnunet-0.13.1/src/util/os_network.c:81:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (IFCONFIG, X_OK))
data/gnunet-0.13.1/src/util/os_network.c:85:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/ifconfig", X_OK))
data/gnunet-0.13.1/src/util/os_network.c:87:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/ifconfig", X_OK))
data/gnunet-0.13.1/src/util/os_network.c:95:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen (pcall, "r");
data/gnunet-0.13.1/src/util/os_network.c:268:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access (PATH_TO_IP, X_OK))
data/gnunet-0.13.1/src/util/os_network.c:272:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == access ("/sbin/ip", X_OK))
data/gnunet-0.13.1/src/util/os_network.c:274:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == access ("/usr/sbin/ip", X_OK))
data/gnunet-0.13.1/src/util/os_network.c:282:7: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen (pcall, "r");
data/gnunet-0.13.1/src/util/os_priority.c:588:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp (filename, argv);
data/gnunet-0.13.1/src/util/perf_crypto_asymmetric.c:49:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (s, "%6s %15s", cryptosystem, description);
data/gnunet-0.13.1/src/util/regex.c:281:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (before, buf);
data/gnunet-0.13.1/src/util/regex.c:283:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (after, buf);
data/gnunet-0.13.1/src/util/regex.c:285:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (middlel, buf);
data/gnunet-0.13.1/src/util/regex.c:287:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (middleh, buf);
data/gnunet-0.13.1/src/util/regex.c:303:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (beforep, before);
data/gnunet-0.13.1/src/util/regex.c:310:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (middlelp, middlel);
data/gnunet-0.13.1/src/util/regex.c:317:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (middlehp, middleh);
data/gnunet-0.13.1/src/util/regex.c:324:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (afterp, after);
data/gnunet-0.13.1/src/util/regex.c:327:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (dots, DOT);
data/gnunet-0.13.1/src/util/scheduler.c:2384:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (0 != system (lsof))
data/gnunet-0.13.1/src/util/strings.c:1434:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p, argv[i]);
data/gnunet-0.13.1/src/util/test_strings.c:28:46: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define WANT(a, b) if (0 != strcmp (a, b)) { fprintf (stderr, \
data/gnunet-0.13.1/src/util/test_strings.c:34:53: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define WANTNF(a, b) do { if (0 != strcmp (a, b)) { fprintf (stderr, \
data/gnunet-0.13.1/src/util/test_strings.c:56:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "4 %s", _ (/* size unit */ "b"));
data/gnunet-0.13.1/src/util/test_strings.c:59:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "10 %s", _ (/* size unit */ "KiB"));
data/gnunet-0.13.1/src/util/test_strings.c:62:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "10 %s", _ (/* size unit */ "TiB"));
data/gnunet-0.13.1/src/util/test_strings.c:65:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "4 %s", _ (/* time unit */ "ms"));
data/gnunet-0.13.1/src/util/test_strings.c:70:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "7 %s", _ (/* time unit */ "s"));
data/gnunet-0.13.1/src/util/test_strings.c:75:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buf, "7 %s", _ (/* time unit */ "h"));
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:133:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dev, ifr.ifr_name);
data/gnunet-0.13.1/contrib/test_gnunet_prefix.c:36:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
basename = getenv ("GNUNET_PREFIX");
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback-gst.c:268:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int read_pure_ogg = getenv ("GNUNET_READ_PURE_OGG") ? 1 : 0;
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c:805:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
int read_pure_ogg = getenv ("GNUNET_READ_PURE_OGG") ? 1 : 0;
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c:830:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dump_to_stdout = getenv ("GNUNET_DUMP_DECODED_OGG") ? 1 : 0;
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-record-gst.c:180:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dump_pure_ogg = getenv ("GNUNET_RECORD_PURE_OGG") ? 1 : 0;
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-record.c:801:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
dump_pure_ogg = getenv ("GNUNET_RECORD_PURE_OGG") ? 1 : 0;
data/gnunet-0.13.1/src/datastore/datastore.h:127:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint32_t random GNUNET_PACKED;
data/gnunet-0.13.1/src/datastore/datastore.h:160:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint32_t random GNUNET_PACKED;
data/gnunet-0.13.1/src/datastore/datastore_api.c:1385:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/datastore/datastore_api.c:1410:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gm->random = random;
data/gnunet-0.13.1/src/datastore/datastore_api.c:1418:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gkm->random = random;
data/gnunet-0.13.1/src/datastore/gnunet-service-datastore.c:862:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
msg->random,
data/gnunet-0.13.1/src/datastore/gnunet-service-datastore.c:916:30: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
msg->random,
data/gnunet-0.13.1/src/datastore/plugin_datastore_heap.c:444:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random;
data/gnunet-0.13.1/src/datastore/plugin_datastore_heap.c:467:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (gc->random)
data/gnunet-0.13.1/src/datastore/plugin_datastore_heap.c:498:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/datastore/plugin_datastore_heap.c:509:15: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gc.random = random;
data/gnunet-0.13.1/src/datastore/plugin_datastore_mysql.c:550:28: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/datastore/plugin_datastore_mysql.c:559:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random)
data/gnunet-0.13.1/src/datastore/plugin_datastore_postgres.c:492:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/datastore/plugin_datastore_postgres.c:500:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint16_t use_rvalue = random;
data/gnunet-0.13.1/src/datastore/plugin_datastore_postgres.c:517:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random)
data/gnunet-0.13.1/src/datastore/plugin_datastore_sqlite.c:883:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/datastore/plugin_datastore_sqlite.c:891:20: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
int use_rvalue = random;
data/gnunet-0.13.1/src/datastore/plugin_datastore_sqlite.c:916:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random)
data/gnunet-0.13.1/src/datastore/plugin_datastore_template.c:111:31: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/dht/gnunet-service-dht_neighbours.c:2526:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(NULL != getenv ("GNUNET_DHT_ROUTE_DEBUG")) ? GNUNET_YES : GNUNET_NO;
data/gnunet-0.13.1/src/fs/fs_sharetree.c:353:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *user = getenv ("USER");
data/gnunet-0.13.1/src/fs/gnunet-service-fs_pr.c:1428:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random)
data/gnunet-0.13.1/src/fs/gnunet-service-fs_pr.c:1436:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random,
data/gnunet-0.13.1/src/include/gnunet_datastore_plugin.h:223:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/include/gnunet_datastore_service.h:283:32: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
bool random,
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1411:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pkey_str = getenv ("GNUNET_NAMESTORE_EGO_PRIVATE_KEY");
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:380:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time (NULL));
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:298:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *xdg = getenv ("XDG_CONFIG_HOME");
data/gnunet-0.13.1/src/set/gnunet-service-set_union.c:909:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
set_debug = getenv ("GNUNET_SET_BENCHMARK");
data/gnunet-0.13.1/src/testbed/gnunet-helper-testbed.c:389:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
evstr = getenv (GNUNET_TESTING_PREFIX);
data/gnunet-0.13.1/src/testbed/testbed_api_barriers.c:194:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
cfg_filename = getenv (ENV_TESTBED_CONFIG);
data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c:595:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (hostfile = getenv ("MP_SAVEHOSTFILE")))
data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c:879:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL != (ssh_cmd = getenv ("GNUNET_TESTBED_RSH_CMD")))
data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c:947:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL != (rshell_cmd = getenv ("GNUNET_TESTBED_RSH_CMD_SUFFIX")))
data/gnunet-0.13.1/src/testing/testing.c:383:34: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (system->tmppath = getenv (GNUNET_TESTING_PREFIX)))
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:920:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((NULL != (nfds = getenv ("LISTEN_FDS"))) &&
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1360:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
xdg = getenv ("XDG_CONFIG_HOME");
data/gnunet-0.13.1/src/util/benchmark.c:58:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
benchmark_dir = getenv ("GNUNET_BENCHMARK_DIR");
data/gnunet-0.13.1/src/util/common_logging.c:565:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv (constname);
data/gnunet-0.13.1/src/util/common_logging.c:723:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env_logfile = getenv ("GNUNET_FORCE_LOGFILE");
data/gnunet-0.13.1/src/util/configuration.c:1354:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (env = getenv (start)))
data/gnunet-0.13.1/src/util/configuration_loader.c:50:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL != (baseconfig = getenv (base_config_varname)))
data/gnunet-0.13.1/src/util/crypto_random.c:85:19: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return((double) random () / RAND_MAX);
data/gnunet-0.13.1/src/util/crypto_random.c:98:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom (seed);
data/gnunet-0.13.1/src/util/disk.c:352:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmpdir = getenv ("TMPDIR");
data/gnunet-0.13.1/src/util/disk.c:354:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmpdir = getenv ("TMP");
data/gnunet-0.13.1/src/util/disk.c:356:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmpdir = getenv ("TEMP");
data/gnunet-0.13.1/src/util/getopt.c:192:1: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
getenv ();
data/gnunet-0.13.1/src/util/getopt.c:325:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
posixly_correct = getenv ("POSIXLY_CORRECT");
data/gnunet-0.13.1/src/util/gnunet-config.c:244:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *xdg = getenv ("XDG_CONFIG_HOME");
data/gnunet-0.13.1/src/util/os_installation.c:319:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (NULL == (p = getenv ("PATH")))
data/gnunet-0.13.1/src/util/os_installation.c:365:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(NULL != (p = getenv (current_pd->env_varname))))
data/gnunet-0.13.1/src/util/os_installation.c:368:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
(NULL != (p = getenv (current_pd->env_varname_alt))))
data/gnunet-0.13.1/src/util/os_priority.c:118:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pipe_fd = getenv (GNUNET_OS_CONTROL_PIPE);
data/gnunet-0.13.1/src/util/os_priority.c:155:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env_buf = getenv (GNUNET_OS_CONTROL_PIPE);
data/gnunet-0.13.1/src/util/perf_crypto_ecc_dlog.c:140:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GNUNET_GCRYPT_DEBUG"))
data/gnunet-0.13.1/src/util/program.c:178:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
gargs = getenv ("GNUNET_ARGS");
data/gnunet-0.13.1/src/util/program.c:235:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
xdg = getenv ("XDG_CONFIG_HOME");
data/gnunet-0.13.1/src/util/service.c:1487:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((NULL != (nfds = getenv ("LISTEN_FDS"))) &&
data/gnunet-0.13.1/src/util/service.c:2007:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
xdg = getenv ("XDG_CONFIG_HOME");
data/gnunet-0.13.1/src/util/strings.c:632:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
fm = getenv ("HOME");
data/gnunet-0.13.1/src/util/strings.c:673:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
buffer = getenv ("PWD"); /* alternative */
data/gnunet-0.13.1/src/util/test_crypto_ecc_dlog.c:181:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GNUNET_GCRYPT_DEBUG"))
data/gnunet-0.13.1/src/util/test_crypto_ecdh_ecdsa.c:80:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GNUNET_GCRYPT_DEBUG"))
data/gnunet-0.13.1/src/util/test_crypto_ecdh_eddsa.c:81:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GNUNET_GCRYPT_DEBUG"))
data/gnunet-0.13.1/src/util/test_crypto_ecdhe.c:48:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GNUNET_GCRYPT_DEBUG"))
data/gnunet-0.13.1/src/util/test_crypto_ecdsa.c:251:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GNUNET_GCRYPT_DEBUG"))
data/gnunet-0.13.1/src/util/test_crypto_eddsa.c:214:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv ("GNUNET_GCRYPT_DEBUG"))
data/gnunet-0.13.1/src/util/test_strings.c:82:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
hdir = getenv ("HOME");
data/gnunet-0.13.1/contrib/test_gnunet_prefix.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[strlen (basename) + strlen (dirname) + 1];
data/gnunet-0.13.1/src/abd/abd_serialization.c:420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[attr_len];
data/gnunet-0.13.1/src/abd/delegate_misc.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subject_pkey[enclen + 1];
data/gnunet-0.13.1/src/abd/delegate_misc.c:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char issuer_pkey[enclen + 1];
data/gnunet-0.13.1/src/abd/delegate_misc.c:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iss_attr[253 + 1];
data/gnunet-0.13.1/src/abd/delegate_misc.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub_attr[253 + 1] = "";
data/gnunet-0.13.1/src/abd/delegate_misc.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[256]; // TODO max payload size
data/gnunet-0.13.1/src/abd/delegate_misc.c:135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[attr_len];
data/gnunet-0.13.1/src/abd/delegate_misc.c:213:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[attr_len];
data/gnunet-0.13.1/src/abd/gnunet-abd.c:960:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GNUNET_free_nz ((char *) delegates[i].issuer_attribute);
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1141:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char issuer_attribute_name[strlen (
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char issuer_attribute_name[strlen (vrh->issuer_attribute) + 1];
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr[GNUNET_ABD_MAX_LENGTH + 1];
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char issuer_attribute[GNUNET_ABD_MAX_LENGTH + 1];
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1626:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr[GNUNET_ABD_MAX_LENGTH + 1];
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1627:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char issuer_attribute[GNUNET_ABD_MAX_LENGTH + 1];
data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c:160:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr_str[253 + 1];
data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c:161:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char subject_pkey[52 + 1];
data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c:239:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GNUNET_free_nz ((char *) set[i].subject_attribute);
data/gnunet-0.13.1/src/abe/abe.c:89:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[16];
data/gnunet-0.13.1/src/abe/abe.c:128:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char iv[16];
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:1333:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pool_start + *pool_pos, str, strlen (str) + 1);
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:1645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[16];
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:2074:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wait_file = fopen (wait_filename, "w");
data/gnunet-0.13.1/src/arm/test_exponential_backoff.c:343:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[PATH_MAX];
data/gnunet-0.13.1/src/arm/test_exponential_backoff.c:374:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (killLogFilePtr = fopen (killLogFileName,
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:455:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *filename_slaves[l->num_slaves];
data/gnunet-0.13.1/src/ats/gnunet-service-ats_performance.c:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[msize] GNUNET_ALIGN;
data/gnunet-0.13.1/src/cadet/cadet_api.c:950:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&res[1], GNUNET_AGPL_URL, slen);
data/gnunet-0.13.1/src/cadet/gnunet-cadet.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60000];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet.c:222:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_channel.c:432:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_connection.c:1044:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_paths.c:751:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[2048];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_peer.c:244:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[5];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_tunnels.c:519:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[64];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_tunnels.c:541:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/gnunet-0.13.1/src/cadet/gnunet-service-cadet_tunnels.c:3282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf [size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/consensus/gnunet-consensus-profiler.c:166:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statistics_file = fopen (statistics_filename, "w");
data/gnunet-0.13.1/src/consensus/gnunet-service-consensus.c:643:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/gnunet-0.13.1/src/consensus/gnunet-service-consensus.c:657:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/gnunet-0.13.1/src/consensus/gnunet-service-consensus.c:670:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/gnunet-0.13.1/src/consensus/gnunet-service-consensus.c:683:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[256];
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:574:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:800:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:877:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:1087:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MAX_MESSAGE_LENGTH + 1];
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback-gst.c:356:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[MAXLINE];
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c:220:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c:233:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c:799:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[MAXLINE];
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-record.c:500:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmt[PA_CHANNEL_MAP_SNPRINT_MAX];
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-record.c:501:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sst[PA_SAMPLE_SPEC_SNPRINT_MAX];
data/gnunet-0.13.1/src/conversation/gnunet_gst.c:656:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[MAXLINE];
data/gnunet-0.13.1/src/conversation/plugin_gnsrecord_conversation.c:124:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line_port[103];
data/gnunet-0.13.1/src/conversation/speaker.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct AudioMessage) + data_size];
data/gnunet-0.13.1/src/conversation/test_conversation_api.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/conversation/test_conversation_api.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/conversation/test_conversation_api.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/conversation/test_conversation_api_twocalls.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/conversation/test_conversation_api_twocalls.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/gnunet-0.13.1/src/core/gnunet-service-core.c:415:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[92];
data/gnunet-0.13.1/src/core/gnunet-service-core.c:816:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/core/gnunet-service-core_kx.c:1521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[used]; /* plaintext */
data/gnunet-0.13.1/src/core/gnunet-service-core_kx.c:1620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/core/gnunet-service-core_sessions.c:739:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[msize]; /* plaintext */
data/gnunet-0.13.1/src/datacache/perf_datacache.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gstr[128];
data/gnunet-0.13.1/src/datacache/perf_datacache.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/datacache/test_datacache.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/datacache/test_datacache_quota.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3200];
data/gnunet-0.13.1/src/datacache/test_datacache_quota.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/datastore/perf_datastore_api.c:355:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char data[65536];
data/gnunet-0.13.1/src/datastore/perf_datastore_api.c:356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gstr[128];
data/gnunet-0.13.1/src/datastore/perf_datastore_api.c:611:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/datastore/perf_plugin_datastore.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char category[256];
data/gnunet-0.13.1/src/datastore/perf_plugin_datastore.c:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[65536];
data/gnunet-0.13.1/src/datastore/perf_plugin_datastore.c:541:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_name[PATH_MAX];
data/gnunet-0.13.1/src/datastore/perf_plugin_datastore.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/datastore/test_datastore_api.c:72:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[60000];
data/gnunet-0.13.1/src/datastore/test_datastore_api.c:659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libname[128];
data/gnunet-0.13.1/src/datastore/test_datastore_api.c:710:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/datastore/test_datastore_api_management.c:83:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[60000];
data/gnunet-0.13.1/src/datastore/test_datastore_api_management.c:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libname[PATH_MAX];
data/gnunet-0.13.1/src/datastore/test_datastore_api_management.c:387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/datastore/test_plugin_datastore.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[65536];
data/gnunet-0.13.1/src/datastore/test_plugin_datastore.c:356:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[size];
data/gnunet-0.13.1/src/datastore/test_plugin_datastore.c:447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_name[PATH_MAX];
data/gnunet-0.13.1/src/datastore/test_plugin_datastore.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/dht/gnunet-service-dht_neighbours.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bloomfilter[DHT_BLOOM_SIZE];
data/gnunet-0.13.1/src/dht/gnunet-service-dht_neighbours.c:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bloomfilter[DHT_BLOOM_SIZE];
data/gnunet-0.13.1/src/dht/gnunet_dht_profiler.c:599:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[65536];
data/gnunet-0.13.1/src/dns/gnunet-dns-monitor.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[6];
data/gnunet-0.13.1/src/dns/gnunet-dns-monitor.c:103:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[6];
data/gnunet-0.13.1/src/dns/gnunet-dns-monitor.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/dns/gnunet-dns-redirector.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:178:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/null", flags);
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:269:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:516:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buftun[MAX_SIZE];
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:523:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufin[MAX_SIZE];
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:741:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[IFNAMSIZ];
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:742:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mygid[32];
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:944:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long prefix_len = atol (argv[3]);
data/gnunet-0.13.1/src/dns/gnunet-service-dns.c:224:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *helper_argv[8];
data/gnunet-0.13.1/src/dns/gnunet-service-dns.c:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[reply_len] GNUNET_ALIGN;
data/gnunet-0.13.1/src/dns/gnunet-zonewalk.c:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/dns/gnunet-zonewalk.c:566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hn[256];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:297:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *exit_argv[8];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:532:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[dlen] GNUNET_ALIGN;
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:1001:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len] GNUNET_ALIGN;
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:1106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len] GNUNET_ALIGN;
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:1321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:1400:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len] GNUNET_ALIGN;
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:1552:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:1797:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:1889:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2007:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2677:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2878:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2879:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2951:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[pktlen] GNUNET_ALIGN;
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2958:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:2959:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:3396:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int local_port = atoi (redirect);
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:3397:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int remote_port = atoi (hostport);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:116:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/null", flags);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:208:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:251:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (dev, O_RDWR);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:260:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (dev, O_RDWR);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:268:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define init_tun(dev) open (dev, O_RDWR)
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:476:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buftun[MAX_SIZE];
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:483:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufin[MAX_SIZE];
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[IFNAMSIZ];
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:769:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long prefix_len = atol (argv[4]);
data/gnunet-0.13.1/src/fragmentation/fragmentation.c:150:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/gnunet-0.13.1/src/fragmentation/fragmentation.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[fc->mtu];
data/gnunet-0.13.1/src/fragmentation/test_fragmentation.c:166:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MTU + 32 * 1024];
data/gnunet-0.13.1/src/fragmentation/test_fragmentation_parallel.c:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MTU + 32 * 1024];
data/gnunet-0.13.1/src/fs/fs_api.c:1311:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32 * 1024];
data/gnunet-0.13.1/src/fs/fs_dirmetascan.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[4];
data/gnunet-0.13.1/src/fs/fs_download.c:220:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc[len];
data/gnunet-0.13.1/src/fs/fs_download.c:438:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc[DBLOCK_SIZE];
data/gnunet-0.13.1/src/fs/fs_download.c:666:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[DBLOCK_SIZE];
data/gnunet-0.13.1/src/fs/fs_download.c:1028:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt[prc->size];
data/gnunet-0.13.1/src/fs/fs_search.c:801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt[size - sizeof(struct UBlock)];
data/gnunet-0.13.1/src/fs/fs_search.c:873:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt[len];
data/gnunet-0.13.1/src/fs/fs_test_lib.c:369:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[DBLOCK_SIZE];
data/gnunet-0.13.1/src/fs/fs_tree.c:336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iob[DBLOCK_SIZE];
data/gnunet-0.13.1/src/fs/fs_tree.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc[DBLOCK_SIZE];
data/gnunet-0.13.1/src/fs/fs_unindex.c:518:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt[size - sizeof(struct UBlock)];
data/gnunet-0.13.1/src/fs/fs_uri.c:420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h1[sizeof(struct GNUNET_CRYPTO_HashAsciiEncoded)];
data/gnunet-0.13.1/src/fs/fs_uri.c:421:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h2[sizeof(struct GNUNET_CRYPTO_HashAsciiEncoded)];
data/gnunet-0.13.1/src/fs/fs_uri.c:506:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h1[sizeof(struct GNUNET_CRYPTO_HashAsciiEncoded)];
data/gnunet-0.13.1/src/fs/fs_uri.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h2[sizeof(struct GNUNET_CRYPTO_HashAsciiEncoded)];
data/gnunet-0.13.1/src/fs/fs_uri.c:1900:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&ret[wpos], "%%%02X", (unsigned char) keyword[j]);
data/gnunet-0.13.1/src/fs/fs_uri.c:1925:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/fs/fs_uri.c:1990:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer_sig[SIGNATURE_ASCII_LENGTH + 1];
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:447:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *argv[14];
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:448:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char anon_level[20];
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:449:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char content_prio[20];
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:450:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char repl_level[20];
data/gnunet-0.13.1/src/fs/gnunet-daemon-fsprofiler.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kw[128];
data/gnunet-0.13.1/src/fs/gnunet-daemon-fsprofiler.c:565:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char myoptname[128];
data/gnunet-0.13.1/src/fs/gnunet-download.c:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[w + 20];
data/gnunet-0.13.1/src/fs/gnunet-download.c:99:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, "]\r");
data/gnunet-0.13.1/src/fs/gnunet-helper-fs-publish.c:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zdata[data_len + 1];
data/gnunet-0.13.1/src/fs/gnunet-helper-fs-publish.c:416:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size + slen];
data/gnunet-0.13.1/src/fs/gnunet-helper-fs-publish.c:477:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
z = open ("/dev/null", flags);
data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.c:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ndata[DBLOCK_SIZE];
data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.c:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edata[DBLOCK_SIZE];
data/gnunet-0.13.1/src/fs/gnunet-service-fs_pr.c:1182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_HashCode) * 2] GNUNET_ALIGN;
data/gnunet-0.13.1/src/fs/test_fs_directory.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uri[512];
data/gnunet-0.13.1/src/fs/test_fs_directory.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128];
data/gnunet-0.13.1/src/fs/test_fs_namespace.c:172:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[1024];
data/gnunet-0.13.1/src/fs/test_fs_namespace.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/fs/test_fs_uri.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/fs/test_fs_uri.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ubuf[1024];
data/gnunet-0.13.1/src/fs/test_plugin_block_fs.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[4];
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:184:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (deffile, "w");
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:230:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (deffile, O_RDONLY);
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:450:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (fn, O_RDONLY);
data/gnunet-0.13.1/src/gns/gnunet-dns2gns.c:212:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&request->packet->answers[idx], &request->packet->answers[r_idx],
data/gnunet-0.13.1/src/gns/gnunet-dns2gns.c:214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&request->packet->answers[r_idx], &tmp_answer,
data/gnunet-0.13.1/src/gns/gnunet-dns2gns.c:526:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size + 1];
data/gnunet-0.13.1/src/gns/gnunet-dns2gns.c:579:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size];
data/gnunet-0.13.1/src/gns/gnunet-gns-benchmark.c:485:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hn[256];
data/gnunet-0.13.1/src/gns/gnunet-gns-benchmark.c:486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[270];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cert[MAX_PEM_SIZE];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAX_PEM_SIZE];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:507:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[SOCKS_BUFFERSIZE];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:512:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[SOCKS_BUFFERSIZE];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:517:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char io_buf[IO_BUFFERSIZE];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dane_data[MAX_DANES + 1];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:962:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char certdn[GNUNET_DNSPARSER_MAX_NAME_LENGTH + 3];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1842:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstring[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1843:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipaddr[INET6_ADDRSTRLEN + 2];
data/gnunet-0.13.1/src/gns/gnunet-service-gns.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GNUNET_DNSPARSER_MAX_NAME_LENGTH + 1];
data/gnunet-0.13.1/src/gns/gnunet-service-gns_interceptor.c:187:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
answer_records[i - skip_answers].data.raw.data = (char *) rd[i].data;
data/gnunet-0.13.1/src/gns/gnunet-service-gns_interceptor.c:253:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *) rd[i].data;
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:185:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[GNUNET_DNSPARSER_MAX_NAME_LENGTH + 1];
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1004:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UINT16_MAX];
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1772:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ip = GNUNET_strdup (&((const char *) rd[i].data)[off]);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1950:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[UINT16_MAX];
data/gnunet-0.13.1/src/gns/nss/nss_gns.c:169:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buffer + astart,
data/gnunet-0.13.1/src/gns/nss/nss_gns_query.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[128];
data/gnunet-0.13.1/src/gns/nss/nss_gns_query.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name[MAX_ENTRIES];
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:187:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nsbuf[514];
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:230:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_peer[103 + 1];
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:231:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_serv[253 + 1];
data/gnunet-0.13.1/src/gns/test_gns_proxy.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/gns/test_gns_proxy.c:477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cert[MAX_PEM_SIZE];
data/gnunet-0.13.1/src/gns/test_gns_proxy.c:478:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAX_PEM_SIZE];
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_crypto.c:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[sizeof(uint32_t) + payload_len];
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_crypto.c:327:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[payload_len];
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_misc.c:67:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey) * 8];
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_misc.c:241:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[128];
data/gnunet-0.13.1/src/gnsrecord/perf_gnsrecord_crypto.c:59:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data, TEST_RECORD_DATA, TEST_RECORD_DATALEN);
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:241:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[15]; // between 1 and 15 bytes
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:242:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[data_size];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:251:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tag, &caa[1], caa->tag_len);
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:252:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (value,
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:377:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nsbuf[256];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:396:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cnamebuf[256];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:470:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char certbuf[cert_size + sizeof(struct GNUNET_TUN_DnsCertRecord)];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:495:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soabuf[540];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:496:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soa_rname[253 + 1];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:497:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soa_mname[253 + 1];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:545:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ptrbuf[256];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:565:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mxbuf[258];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:566:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mxhost[253 + 1];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:597:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvbuf[270];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:598:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srvtarget[253 + 1];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:654:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[slen];
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:687:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[15]; // Max tag length 15
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:688:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[strlen (s) + 1]; // Should be more than enough
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:702:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&caa[1], tag, strlen (tag));
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:704:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *) &caa[1] + caa->tag_len, value, strlen (value));
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_block_expiration.c:64:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[0].data, TEST_RECORD_DATA, TEST_RECORD_DATALEN);
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_block_expiration.c:71:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[1].data, TEST_RECORD_DATA, TEST_RECORD_DATALEN);
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_block_expiration.c:82:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[1].data, TEST_RECORD_DATA, TEST_RECORD_DATALEN);
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_crypto.c:64:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data, TEST_RECORD_DATA, TEST_RECORD_DATALEN);
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_crypto.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_cmp_data[TEST_RECORD_DATALEN];
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_serialization.c:57:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) src[c].data, 'a', data_len);
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_serialization.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_ser[len];
data/gnunet-0.13.1/src/gnsrecord/test_gnsrecord_serialization.c:110:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[data_size];
data/gnunet-0.13.1/src/hello/gnunet-hello.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[fsize] GNUNET_ALIGN;
data/gnunet-0.13.1/src/hello/hello.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GNUNET_MAX_MESSAGE_SIZE - 1 - 256
data/gnunet-0.13.1/src/hello/hello.c:968:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[16] = "";
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c:326:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char download_buffer[GNUNET_MAX_MESSAGE_SIZE - 1];
data/gnunet-0.13.1/src/identity/identity_api_lookup.c:211:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&req[1], name, nlen);
data/gnunet-0.13.1/src/identity/identity_api_suffix_lookup.c:208:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&req[1], suffix, nlen);
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:705:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->data_size + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:884:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->data_size + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:997:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->data_size + 1];
data/gnunet-0.13.1/src/include/gauger.h:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __gauger_s[32]; \
data/gnunet-0.13.1/src/include/gauger.h:27:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (__gauger_s, "%Lf", (long double) (value)); \
data/gnunet-0.13.1/src/include/gauger.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char __gauger_s[32]; \
data/gnunet-0.13.1/src/include/gauger.h:57:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (__gauger_s, "%Lf", (long double) (value)); \
data/gnunet-0.13.1/src/include/gnunet_common.h:1208:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy (dst, src, n); \
data/gnunet-0.13.1/src/include/gnunet_common.h:1445:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&(arr1) [(len1) - (len2)], _a2, (len2) * sizeof (*arr1)); \
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char encoding[104];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:158:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:163:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:175:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:180:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:197:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q_y[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:211:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q_y[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:235:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q_y[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:248:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:260:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:272:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char d[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:284:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aes_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:289:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char twofish_key[GNUNET_CRYPTO_AES_KEY_LENGTH];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:302:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char aes_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:304:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char twofish_iv[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:313:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[GNUNET_CRYPTO_HASH_LENGTH];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:332:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char n[GNUNET_CRYPTO_PAILLIER_BITS / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:344:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lambda[GNUNET_CRYPTO_PAILLIER_BITS / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:348:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mu[GNUNET_CRYPTO_PAILLIER_BITS / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:366:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:1399:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char q_y[256 / 8];
data/gnunet-0.13.1/src/include/gnunet_reclaim_lib.h:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[GNUNET_RECLAIM_ID_LENGTH];
data/gnunet-0.13.1/src/json/test_json.c:114:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blob[256];
data/gnunet-0.13.1/src/json/test_json.c:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blob2[256];
data/gnunet-0.13.1/src/json/test_json_mhd.c:131:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[5];
data/gnunet-0.13.1/src/namecache/namecache_api.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size + sizeof(struct GNUNET_GNSRECORD_Block)] GNUNET_ALIGN;
data/gnunet-0.13.1/src/namecache/test_namecache_api_cache_block.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_cmp_data[TEST_RECORD_DATALEN];
data/gnunet-0.13.1/src/namecache/test_plugin_namecache.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char domain_name[64];
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char public_key[128];
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sh[105];
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[64];
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1560:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r[1], raw_data, record.data_size);
data/gnunet-0.13.1/src/namestore/gnunet-service-namestore.c:550:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&oldest->rd[1], nick->data, nick->data_size);
data/gnunet-0.13.1/src/namestore/gnunet-service-namestore.c:584:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&nick[1], pos->rd->data, pos->rd->data_size);
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:416:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char label[64];
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:447:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char raw[512];
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:610:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[65536];
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:613:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[INET6_ADDRSTRLEN + 1];
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:741:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[65536];
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:1669:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hn[256];
data/gnunet-0.13.1/src/namestore/plugin_namestore_flat.c:365:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[data_size];
data/gnunet-0.13.1/src/namestore/plugin_namestore_postgres.c:249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[data_size];
data/gnunet-0.13.1/src/namestore/plugin_namestore_sqlite.c:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[data_size];
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:738:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->rest_handle->data_size + 1];
data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_public.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_cmp_data[TEST_RECORD_DATALEN];
data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_shadow.c:111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_cmp_data[TEST_RECORD_DATALEN];
data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_shadow_filter.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_cmp_data[TEST_RECORD_DATALEN];
data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_shadow_filter.c:311:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) records[0].data, TEST_RECORD_DATA, TEST_RECORD_DATALEN);
data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_shadow_filter.c:319:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) records[1].data, TEST_SHADOW_RECORD_DATA,
data/gnunet-0.13.1/src/namestore/test_namestore_api_monitoring.c:250:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data, 'a', 50);
data/gnunet-0.13.1/src/namestore/test_namestore_api_monitoring_existing.c:291:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data,
data/gnunet-0.13.1/src/namestore/test_namestore_api_store_update.c:130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_cmp_data[TEST_RECORD_DATALEN];
data/gnunet-0.13.1/src/namestore/test_namestore_api_store_update.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rd_cmp_data[TEST_RECORD_DATALEN2];
data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration.c:321:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data, 'a', 50);
data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_nick.c:269:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data, 'a', 50);
data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_specific_zone.c:299:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data, 'a', 50);
data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_stop.c:308:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
memset ((char *) rd[c].data, 'a', 50);
data/gnunet-0.13.1/src/namestore/test_plugin_namestore.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[64];
data/gnunet-0.13.1/src/namestore/test_plugin_namestore.c:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[64];
data/gnunet-0.13.1/src/namestore/test_plugin_namestore.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/nat-auto/gnunet-nat-auto.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unknown_type[64];
data/gnunet-0.13.1/src/nat-auto/gnunet-nat-auto.c:164:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (unknown_type, "NAT unknown, type %u", type);
data/gnunet-0.13.1/src/nat/gnunet-helper-nat-client.c:78:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void) memcpy (dst, src, \
data/gnunet-0.13.1/src/nat/gnunet-helper-nat-client.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[sizeof(struct ip_header) * 2
data/gnunet-0.13.1/src/nat/gnunet-helper-nat-client.c:354:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[sizeof(struct ip_header) * 2
data/gnunet-0.13.1/src/nat/gnunet-helper-nat-server.c:82:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define GNUNET_memcpy(dst, src, n) do { if (0 != n) { (void) memcpy (dst, src, \
data/gnunet-0.13.1/src/nat/gnunet-helper-nat-server.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packet[sizeof(struct ip_header) + sizeof(struct icmp_echo_header)];
data/gnunet-0.13.1/src/nat/gnunet-helper-nat-server.c:371:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536];
data/gnunet-0.13.1/src/nat/gnunet-nat.c:207:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size + 1];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_externalip.c:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_helper.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mybuf[40];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_helper.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ia[INET_ADDRSTRLEN];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_helper.c:355:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intv4[INET_ADDRSTRLEN];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_helper.c:356:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remv4[INET_ADDRSTRLEN];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_helper.c:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_as_string[6];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.c:97:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[17];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.c:348:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstr[6];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.c:383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstr[9];
data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.c:659:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pstr[6];
data/gnunet-0.13.1/src/nat/nat_stun.h:194:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[64];
data/gnunet-0.13.1/src/nse/gnunet-nse-profiler.c:306:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_buffer[512];
data/gnunet-0.13.1/src/nse/gnunet-service-nse.c:801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
data/gnunet-0.13.1/src/nse/gnunet-service-nse.c:849:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
data/gnunet-0.13.1/src/nse/gnunet-service-nse.c:1011:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char origin[5];
data/gnunet-0.13.1/src/nse/gnunet-service-nse.c:1012:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pred[5];
data/gnunet-0.13.1/src/nse/perf_kdf.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/gnunet-0.13.1/src/peerinfo/gnunet-service-peerinfo.c:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GNUNET_MAX_MESSAGE_SIZE - 1] GNUNET_ALIGN;
data/gnunet-0.13.1/src/peerinfo/gnunet-service-peerinfo.c:917:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[GNUNET_MAX_MESSAGE_SIZE - 1] GNUNET_ALIGN;
data/gnunet-0.13.1/src/peerstore/test_plugin_peerstore.c:190:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_name[PATH_MAX];
data/gnunet-0.13.1/src/pq/pq_connect.c:113:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (db->es,
data/gnunet-0.13.1/src/pq/pq_connect.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (db->ps,
data/gnunet-0.13.1/src/pq/pq_connect.c:154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[slen];
data/gnunet-0.13.1/src/pq/pq_connect.c:229:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[slen];
data/gnunet-0.13.1/src/pq/pq_connect.c:245:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patch_name[slen];
data/gnunet-0.13.1/src/pq/pq_prepare.c:80:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rps,
data/gnunet-0.13.1/src/pq/pq_prepare.c:83:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&rps[olen],
data/gnunet-0.13.1/src/pt/test_gns_vpn.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/pt/test_gns_vpn.c:446:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/null", flags);
data/gnunet-0.13.1/src/pt/test_gnunet_vpn.c:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/pt/test_gnunet_vpn.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ips[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:502:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (payload, ¶ms, sizeof(params));
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:506:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tmp, code_challenge, code_challenge_len);
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:538:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf_ptr, &ecdh_pub, sizeof(ecdh_pub));
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:679:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ticket, ¶ms->ticket, sizeof(params->ticket));
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1702:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->rest_handle->data_size + 1];
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:468:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->rest_handle->data_size + 1];
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->rest_handle->data_size + 1];
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->rest_handle->data_size + 1];
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1225:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->rest_handle->data_size + 1];
data/gnunet-0.13.1/src/regex/gnunet-regex-profiler.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_buffer[512];
data/gnunet-0.13.1/src/regex/gnunet-regex-profiler.c:555:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_buffer[512];
data/gnunet-0.13.1/src/regex/gnunet-regex-profiler.c:734:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output_buffer[512];
data/gnunet-0.13.1/src/regex/perf-regex.c:102:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
alphabet_size = atoi (argv[2]);
data/gnunet-0.13.1/src/regex/perf-regex.c:103:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
compression = atoi (argv[3]);
data/gnunet-0.13.1/src/regex/regex_internal.c:2808:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curlabel[2];
data/gnunet-0.13.1/src/regex/regex_internal.c:3204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2];
data/gnunet-0.13.1/src/regex/regex_test_graph.c:291:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctx.filep = fopen (filename, "w");
data/gnunet-0.13.1/src/regex/regex_test_lib.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strings[20];
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[200];
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:207:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[200];
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:48:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fp = fopen (filename, "r")))
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:81:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *regex[12] = {
data/gnunet-0.13.1/src/regex/test_regex_integration.c:127:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxstr4[GNUNET_TUN_IPV4_REGEXLEN];
data/gnunet-0.13.1/src/regex/test_regex_integration.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxstr6[GNUNET_TUN_IPV6_REGEXLEN];
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *strings[20];
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:171:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ctx.graph_filep = fopen (filename, "w");
data/gnunet-0.13.1/src/regex/test_regex_proofs.c:114:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *regex[8] = {
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_url[strlen (url) + 1];
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_data[handle->rest_handle->data_size + 1];
data/gnunet-0.13.1/src/revocation/revocation_api.c:434:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
data/gnunet-0.13.1/src/revocation/revocation_api.c:621:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:923:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[512]; \
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2001:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2002:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_dh_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2003:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_dhr_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2004:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_dhru_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2075:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2076:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_dh_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2077:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_dhr_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:2078:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name_dhru_buf[128];
data/gnunet-0.13.1/src/rps/gnunet-service-rps.c:1444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peer_string[128];
data/gnunet-0.13.1/src/rps/gnunet-service-rps.c:2926:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_hash[105];
data/gnunet-0.13.1/src/rps/gnunet-service-rps.c:2996:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char collect_str[SIZE_DUMP_FILE + 1] = "";
data/gnunet-0.13.1/src/rps/gnunet-service-rps.c:3005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char collect_str_tmp[8];
data/gnunet-0.13.1/src/rps/rps-test_util.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_write[size_buf + 1];
data/gnunet-0.13.1/src/rps/rps-test_util.c:466:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char index_str[64];
data/gnunet-0.13.1/src/rps/rps-test_util.h:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[512] = ""; \
data/gnunet-0.13.1/src/rps/rps-test_util.h:83:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define to_file_w_len(file_name, len, ...) do { char tmp_buf [len]; \
data/gnunet-0.13.1/src/rps/test_rps.c:655:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[512]; \
data/gnunet-0.13.1/src/secretsharing/gnunet-secretsharing-profiler.c:312:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pubkey_str[1024];
data/gnunet-0.13.1/src/secretsharing/gnunet-service-secretsharing.c:1007:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
data/gnunet-0.13.1/src/secretsharing/gnunet-service-secretsharing.c:1008:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
data/gnunet-0.13.1/src/secretsharing/gnunet-service-secretsharing.c:1009:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
data/gnunet-0.13.1/src/secretsharing/gnunet-service-secretsharing.c:1664:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char v_data[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
data/gnunet-0.13.1/src/secretsharing/secretsharing.h:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
data/gnunet-0.13.1/src/secretsharing/secretsharing_protocol.h:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
data/gnunet-0.13.1/src/secretsharing/secretsharing_protocol.h:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t1[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
data/gnunet-0.13.1/src/secretsharing/secretsharing_protocol.h:140:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t2[GNUNET_CRYPTO_PAILLIER_BITS * 2 / 8];
data/gnunet-0.13.1/src/secretsharing/secretsharing_protocol.h:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char z[GNUNET_SECRETSHARING_ELGAMAL_BITS / 8];
data/gnunet-0.13.1/src/secretsharing/secretsharing_protocol.h:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[GNUNET_CRYPTO_PAILLIER_BITS / 8];
data/gnunet-0.13.1/src/set/gnunet-service-set_union.c:688:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64] = { 0 };
data/gnunet-0.13.1/src/set/gnunet-service-set_union.c:913:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen ("set.log", "a");
data/gnunet-0.13.1/src/set/gnunet-set-profiler.c:160:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
statistics_file = fopen (statistics_filename, "w");
data/gnunet-0.13.1/src/set/plugin_block_set_test.c:62:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(0 != ((char *) reply_block)[0]))
data/gnunet-0.13.1/src/statistics/test_statistics_api_loop.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/gnunet-0.13.1/src/testbed-logger/test_testbed_logger_api.c:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BSIZE];
data/gnunet-0.13.1/src/testbed-logger/testbed_logger_api.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFFER_SIZE];
data/gnunet-0.13.1/src/testbed/gnunet-helper-testbed.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[16];
data/gnunet-0.13.1/src/testbed/gnunet-helper-testbed.c:498:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GNUNET_MAX_MESSAGE_SIZE];
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char service[256];
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c:460:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ss_str = (char *) ss[cnt].service;
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_cpustatus.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_cpustatus.c:626:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
proc_stat = fopen ("/proc/stat", "r");
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[2048];
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.c:72:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (fd == -1 && (fd = open (filename, O_RDONLY)) == -1) { \
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.c:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[16]; /* big enough to hold any row name */
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_oc.c:1897:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char pid_str[16];
data/gnunet-0.13.1/src/testbed/test_testbed_api_barriers.c:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[PATH_MAX];
data/gnunet-0.13.1/src/testbed/test_testbed_underlay.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwd[PATH_MAX];
data/gnunet-0.13.1/src/testbed/testbed.h:797:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/gnunet-0.13.1/src/testbed/testbed.h:814:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/gnunet-0.13.1/src/testbed/testbed.h:842:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/gnunet-0.13.1/src/testbed/testbed.h:860:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0];
data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c:1124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *helper_binary_path_args[2];
data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c:1360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stat_args[3];
data/gnunet-0.13.1/src/testbed/testbed_api_testbed.c:1107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostip[NI_MAXHOST];
data/gnunet-0.13.1/src/testing/testing.c:793:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cval[12];
data/gnunet-0.13.1/src/testing/testing.c:794:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uval[PATH_MAX];
data/gnunet-0.13.1/src/testing/testing.c:1768:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[slen];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:376:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cread_buf[BUF_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:381:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwrite_buf[BUF_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:386:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pread_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pwrite_buf[UINT16_MAX + 1 + sizeof(struct TCPBox)];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:517:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ibuf[INITIAL_KX_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:758:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (smac, &mac, sizeof(struct GNUNET_ShortHashCode));
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:784:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (queue->pwrite_buf, &fin, sizeof(fin));
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:909:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[256 / 8];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:910:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctr[128 / 8];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1660:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&queue->pwrite_buf[queue->pwrite_off], &box, sizeof(box));
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1662:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&queue->pwrite_buf[queue->pwrite_off], msg, msize);
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1818:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (queue->cwrite_buf, epub, sizeof(*epub));
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1891:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ths.ephemeral, ibuf, sizeof(struct GNUNET_CRYPTO_EcdhePublicKey));
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:2436:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&in_sto, addr, in_len);
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:2649:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gcm_tag[GCM_TAG_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:330:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gcm_tag[GCM_TAG_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:984:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[AES_KEY_SIZE],
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:985:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv[AES_IV_SIZE])
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:988:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[AES_KEY_SIZE + AES_IV_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1002:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (key, res, AES_KEY_SIZE);
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1003:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (iv, &res[AES_KEY_SIZE], AES_IV_SIZE);
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[AES_KEY_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iv[AES_IV_SIZE];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1192:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char tag[GCM_TAG_SIZE],
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1424:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[box_len - sizeof(*box)];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1628:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UINT16_MAX];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1711:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[rcvd - sizeof(struct InitialKX)];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1775:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[pad_size];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1914:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pad, &hdr, sizeof(hdr));
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1941:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dgram[receiver->kx_mtu + sizeof(uc) + sizeof(kx)];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1993:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dgram, &kx, sizeof(kx));
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:2040:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dgram[sizeof(struct UDPBox) + receiver->d_mtu];
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:2786:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&in_sto, in, in_len);
data/gnunet-0.13.1/src/transport/gnunet-communicator-unix.c:539:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&queue->msg[1], msg, msize);
data/gnunet-0.13.1/src/transport/gnunet-communicator-unix.c:735:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:76:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface[IFNAMSIZ];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:115:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXLINE * 2];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:783:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpbuf[buf_size];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1027:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[512];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1160:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[19] = { 0 }; // the device MAC address
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1230:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[19] = { 0 };
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1269:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[19] = { 0 };
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1276:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[19] = { 0 };
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[MAXLINE];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1884:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[MAXLINE] = { 0 };
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXLINE * 2];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[MAXLINE];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:271:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpin = fopen (FIFO_FILE1, "r");
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:279:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fpout = fopen (FIFO_FILE2, "w")))
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:282:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpout = fopen (FIFO_FILE2, "w");
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:295:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (fpout = fopen (FIFO_FILE1, "w")))
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:298:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpout = fopen (FIFO_FILE1, "w");
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:307:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpin = fopen (FIFO_FILE2, "r");
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:279:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[PRISM_DEVICE_NAME_LENGTH];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iface[IFNAMSIZ];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAXLINE * 2];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:1431:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpbuf[buf_size];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:1789:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strbuf[512];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:1945:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char readbuf[MAXLINE];
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:3199:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&md[1], address, addr_len);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4178:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&smt[1], payload, payload_size);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4310:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aes_key[256 / 8];
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4315:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aes_ctr[128 / 8];
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4517:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char enc[sizeof(struct TransportDVBoxPayloadP) + enc_body_size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4549:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct TransportDVBoxMessage)
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4557:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &box_hdr, sizeof(box_hdr));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4559:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dhops,
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4586:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&dhops[num_hops], enc, sizeof(enc));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4898:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&pm[1], obmm, bytes_msg);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4935:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4953:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&be[1], inbox, isize);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4954:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mbuf[sizeof(struct TransportBackchannelEncapsulationMessage)
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:5097:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ale[1], &aam[1], slen);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:5268:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&im[1], mh, size);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:5359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct TransportReliabilityAckMessage)
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:5598:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&target[frag_off], &fb[1], fsize);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:6039:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cbi[1], inbox, isize);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:6286:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&hop[1],
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:6366:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct TransportDVLearnMessage)
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:7041:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, hdr, sizeof(*hdr));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:7044:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dhops, hops, num_hops * sizeof(struct GNUNET_PeerIdentity));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:7045:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&dhops[num_hops], enc_payload, enc_payload_size);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:7363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char body[hdr_len - sizeof(ppay)] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:7458:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&b[1], body, sizeof(body));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:8387:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg, &tfb, sizeof(tfb));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:8388:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&msg[sizeof(tfb)], &orig[ff->frag_off], fragsize);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:8465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg, &rbox, sizeof(rbox));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:8466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&msg[sizeof(rbox)], &pm[1], pm->bytes_msg);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:8715:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&bpm[1], hdr, bsize);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:9171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cqm[1], address, alen);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:9560:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&queue[1], addr, addr_len);
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:1462:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:2579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg_sect[512];
data/gnunet-0.13.1/src/transport/gnunet-service-transport_neighbours.c:561:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[len] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/gnunet-service-transport_plugins.c:402:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char unable_to_show[1024];
data/gnunet-0.13.1/src/transport/gnunet-service-transport_validation.c:611:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message_buf[tsize] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-receiver.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_buf[65536];
data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-sender.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_buf[WLAN_MTU];
data/gnunet-0.13.1/src/transport/plugin_transport_http_client.c:660:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[size + 2];
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:109:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp->port = atoi (port_start);
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:133:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sp->port = atoi (port_start);
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:262:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[1024];
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:570:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[1024];
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:616:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[1024];
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:700:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
options = atol (optionstr); /* 0 on conversion error, that's ok */
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:806:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (((char *) addr)[addrlen - 1] != '\0')
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:2069:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c:1512:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[INET6_ADDRSTRLEN + 12];
data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c:1513:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c:1619:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
options = atol (optionstr);
data/gnunet-0.13.1/src/transport/plugin_transport_udp.c:866:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[INET6_ADDRSTRLEN + 10];
data/gnunet-0.13.1/src/transport/plugin_transport_udp.c:867:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/transport/plugin_transport_udp.c:972:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
options = atol (optionstr);
data/gnunet-0.13.1/src/transport/plugin_transport_udp.c:1976:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[udpmlen] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/plugin_transport_udp.c:2920:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/plugin_transport_udp_broadcasting.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/plugin_transport_udp_broadcasting.c:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:369:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rbuf[1024];
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:996:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65536] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1553:13: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
options = atol (optionstr);
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:491:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *helper_argv[3];
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:586:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char macstr[20];
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:615:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char macstr[36];
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:739:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size];
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:1013:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size];
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:1436:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:1733:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:2125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plugin[5];
data/gnunet-0.13.1/src/transport/tcp_connection_legacy.c:334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr[128];
data/gnunet-0.13.1/src/transport/tcp_connection_legacy.c:1109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[connection->max];
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1032:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pidfd = fopen (pif, "w");
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1211:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nullfd = open ("/dev/null", O_RDWR | O_APPEND);
data/gnunet-0.13.1/src/transport/test_communicator_basic.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cfg_peers_name[NUM_PEERS];
data/gnunet-0.13.1/src/transport/test_communicator_basic.c:209:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (payload, &ts_n, sizeof (struct GNUNET_TIME_AbsoluteNBO));
data/gnunet-0.13.1/src/transport/test_plugin_transport.c:686:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *helper_argv[3];
data/gnunet-0.13.1/src/transport/test_quota_compliance.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *gen_cfgs[2];
data/gnunet-0.13.1/src/transport/test_transport_api_reliability.c:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bitmap[TOTAL_MSGS / 8];
data/gnunet-0.13.1/src/transport/test_transport_api_reliability.c:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[GNUNET_MAX_MESSAGE_SIZE - 1];
data/gnunet-0.13.1/src/transport/transport-testing-main.c:575:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cfg_names[num_peers];
data/gnunet-0.13.1/src/transport/transport-testing2.c:408:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cbi[1], msg, isize);
data/gnunet-0.13.1/src/transport/transport-testing2.c:1144:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&msg[1], address, alen);
data/gnunet-0.13.1/src/transport/transport-testing2.c:1224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mh[1],
data/gnunet-0.13.1/src/transport/transport_api2_application.c:392:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&m[1], addr, alen);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:368:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&aam[1], ai->address, strlen (ai->address) + 1);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:419:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&aqm[1], qh->address, strlen (qh->address) + 1);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:785:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cam[1], ch->addr_prefix, strlen (ch->addr_prefix) + 1);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:933:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&im[1], msg, msize);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:1140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cb[1], header, mlen);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:1141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (((char *) &cb[1]) + mlen, comm, slen);
data/gnunet-0.13.1/src/util/benchmark.c:243:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trunc[MAX_BENCHMARK_URL_LEN];
data/gnunet-0.13.1/src/util/benchmark.c:253:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (trunc, url, MAX_BENCHMARK_URL_LEN);
data/gnunet-0.13.1/src/util/benchmark.c:280:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&urd.request_url, trunc, MAX_BENCHMARK_URL_LEN);
data/gnunet-0.13.1/src/util/benchmark.h:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char request_url[MAX_BENCHMARK_URL_LEN];
data/gnunet-0.13.1/src/util/buffer.c:90:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf->mem + buf->position, data, len);
data/gnunet-0.13.1/src/util/common_logging.c:110:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char last_bulk[BULK_TRACK_SIZE] __nonstring;
data/gnunet-0.13.1/src/util/common_logging.c:130:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char last_bulk_comp[COMP_TRACK_SIZE + 1];
data/gnunet-0.13.1/src/util/common_logging.c:305:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *rotation[ROTATION_KEEP];
data/gnunet-0.13.1/src/util/common_logging.c:333:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char last_fn[PATH_MAX + 1];
data/gnunet-0.13.1/src/util/common_logging.c:334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX + 1];
data/gnunet-0.13.1/src/util/common_logging.c:371:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
altlog_fd = open (fn,
data/gnunet-0.13.1/src/util/common_logging.c:832:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char id_buf[27];
data/gnunet-0.13.1/src/util/common_logging.c:880:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[DATE_STR_SIZE + BULK_TRACK_SIZE + 256];
data/gnunet-0.13.1/src/util/common_logging.c:968:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[DATE_STR_SIZE];
data/gnunet-0.13.1/src/util/common_logging.c:969:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date2[DATE_STR_SIZE];
data/gnunet-0.13.1/src/util/common_logging.c:980:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size];
data/gnunet-0.13.1/src/util/common_logging.c:1013:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (date, "localtime error");
data/gnunet-0.13.1/src/util/common_logging.c:1084:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comp_w_pid[128];
data/gnunet-0.13.1/src/util/common_logging.c:1259:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[64];
data/gnunet-0.13.1/src/util/common_logging.c:1279:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[32];
data/gnunet-0.13.1/src/util/common_logging.c:1316:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[5];
data/gnunet-0.13.1/src/util/common_logging.c:1341:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[5];
data/gnunet-0.13.1/src/util/common_logging.c:1363:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[256];
data/gnunet-0.13.1/src/util/common_logging.c:1389:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[LEN];
data/gnunet-0.13.1/src/util/common_logging.c:1391:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char b2[6];
data/gnunet-0.13.1/src/util/common_logging.c:1421:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (buf, "]:");
data/gnunet-0.13.1/src/util/configuration.c:970:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[64];
data/gnunet-0.13.1/src/util/configuration.c:994:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/configuration.c:1023:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/container_bloomfilter.c:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFSIZE];
data/gnunet-0.13.1/src/util/crypto_ecc.c:197:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
data/gnunet-0.13.1/src/util/crypto_ecc.c:198:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_sign_SECRETKEYBYTES];
data/gnunet-0.13.1/src/util/crypto_ecc.c:714:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk[crypto_sign_SECRETKEYBYTES];
data/gnunet-0.13.1/src/util/crypto_ecc.c:715:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pk[crypto_sign_PUBLICKEYBYTES];
data/gnunet-0.13.1/src/util/crypto_ecc.c:1035:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a, &hc, sizeof (struct GNUNET_CRYPTO_EcdhePrivateKey));
data/gnunet-0.13.1/src/util/crypto_ecc_setup.c:72:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (filename,
data/gnunet-0.13.1/src/util/crypto_ecc_setup.c:163:8: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp (tmpl);
data/gnunet-0.13.1/src/util/crypto_hash.c:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upper_enc[enclen];
data/gnunet-0.13.1/src/util/crypto_hash.c:256:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (((unsigned char *) code)[bit >> 3] & (128 >> (bit & 7))) > 0;
data/gnunet-0.13.1/src/util/crypto_hash.c:271:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
return (((unsigned char *) code)[bit >> 3] & (1 << (bit & 7))) > 0;
data/gnunet-0.13.1/src/util/crypto_hkdf.c:121:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf ("%2x", (int) ((const unsigned char *) p)[i]);
data/gnunet-0.13.1/src/util/crypto_hkdf.c:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prk[xtr_len];
data/gnunet-0.13.1/src/util/crypto_rsa.c:391:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &hdr, sizeof (hdr));
data/gnunet-0.13.1/src/util/crypto_symmetric.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[size];
data/gnunet-0.13.1/src/util/crypto_symmetric.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[size];
data/gnunet-0.13.1/src/util/crypto_symmetric.c:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char aes_salt[salt_len + 4];
data/gnunet-0.13.1/src/util/crypto_symmetric.c:239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char twofish_salt[salt_len + 4];
data/gnunet-0.13.1/src/util/disk.c:476:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
if (-1 == (fd = mkstemp (fn)))
data/gnunet-0.13.1/src/util/disk.c:1247:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (expfn,
data/gnunet-0.13.1/src/util/dnsparser.c:1264:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[max];
data/gnunet-0.13.1/src/util/dnsparser.c:1363:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (&ret[off * 2], "%02x", idata[off]);
data/gnunet-0.13.1/src/util/dnsparser.c:1383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[3];
data/gnunet-0.13.1/src/util/dnsstub.c:305:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[len] GNUNET_ALIGN;
data/gnunet-0.13.1/src/util/getopt_helpers.c:562:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/getopt_helpers.c:845:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/getopt_helpers.c:918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[out_len];
data/gnunet-0.13.1/src/util/gnunet-ecc.c:84:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char vanity[KEY_STR_LEN + 1];
data/gnunet-0.13.1/src/util/gnunet-ecc.c:92:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (f = fopen (fn, "w+")))
data/gnunet-0.13.1/src/util/gnunet-ecc.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gnunet-0.13.1/src/util/gnunet-scrypt.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(struct GNUNET_CRYPTO_EddsaPublicKey)
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:951:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqdn[255];
data/gnunet-0.13.1/src/util/gnunet-timeout.c:80:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
timeout = atoi (argv[1]);
data/gnunet-0.13.1/src/util/helper.c:314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[GNUNET_MAX_MESSAGE_SIZE] GNUNET_ALIGN;
data/gnunet-0.13.1/src/util/network.c:1286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char open_port_str[6];
data/gnunet-0.13.1/src/util/os_installation.c:147:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[64];
data/gnunet-0.13.1/src/util/os_installation.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/gnunet-0.13.1/src/util/os_installation.c:149:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[1024];
data/gnunet-0.13.1/src/util/os_installation.c:154:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (NULL == (f = fopen (fn, "r")))
data/gnunet-0.13.1/src/util/os_installation.c:181:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[64];
data/gnunet-0.13.1/src/util/os_installation.c:182:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lnk[1024];
data/gnunet-0.13.1/src/util/os_network.c:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/gnunet-0.13.1/src/util/os_network.c:58:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifc[12];
data/gnunet-0.13.1/src/util/os_network.c:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrstr[128];
data/gnunet-0.13.1/src/util/os_network.c:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bcstr[128];
data/gnunet-0.13.1/src/util/os_network.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netmaskstr[128];
data/gnunet-0.13.1/src/util/os_network.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/gnunet-0.13.1/src/util/os_network.c:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ifname[64];
data/gnunet-0.13.1/src/util/os_network.c:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char afstr[6];
data/gnunet-0.13.1/src/util/os_network.c:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrstr[128];
data/gnunet-0.13.1/src/util/os_priority.c:308:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/null", flags);
data/gnunet-0.13.1/src/util/os_priority.c:354:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fds[16];
data/gnunet-0.13.1/src/util/os_priority.c:467:9: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
ret = vfork ();
data/gnunet-0.13.1/src/util/os_priority.c:498:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fdbuf[100];
data/gnunet-0.13.1/src/util/os_priority.c:1049:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/util/perf_crypto_asymmetric.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[64];
data/gnunet-0.13.1/src/util/perf_crypto_hash.c:37:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 * 1024];
data/gnunet-0.13.1/src/util/perf_crypto_hash.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/gnunet-0.13.1/src/util/perf_crypto_hash.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[128];
data/gnunet-0.13.1/src/util/perf_crypto_hash.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gnunet-0.13.1/src/util/perf_crypto_hash.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skm[64];
data/gnunet-0.13.1/src/util/perf_crypto_rsa.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[128];
data/gnunet-0.13.1/src/util/perf_crypto_symmetric.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64 * 1024];
data/gnunet-0.13.1/src/util/perf_crypto_symmetric.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[64 * 1024];
data/gnunet-0.13.1/src/util/regex.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char before[36]; /* 16 * 2 + 3 dots + 0-terminator */
data/gnunet-0.13.1/src/util/regex.c:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char middlel[33]; /* 16 * 2 + 0-terminator */
data/gnunet-0.13.1/src/util/regex.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char middleh[33]; /* 16 * 2 + 0-terminator */
data/gnunet-0.13.1/src/util/regex.c:247:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char after[36]; /* 16 * 2 + 3 dots + 0-terminator */
data/gnunet-0.13.1/src/util/regex.c:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char beforep[36 + 2]; /* 16 * 2 + 3 dots + 0-terminator + ()*/
data/gnunet-0.13.1/src/util/regex.c:249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char middlehp[33 + 2]; /* 16 * 2 + 0-terminator + () */
data/gnunet-0.13.1/src/util/regex.c:250:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char middlelp[33 + 2]; /* 16 * 2 + 0-terminator + () */
data/gnunet-0.13.1/src/util/regex.c:251:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char afterp[36 + 2]; /* 16 * 2 + 3 dots + 0-terminator + () */
data/gnunet-0.13.1/src/util/regex.c:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dots[5 * strlen (DOT)];
data/gnunet-0.13.1/src/util/regex.c:253:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3];
data/gnunet-0.13.1/src/util/resolver_api.c:351:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/util/resolver_api.c:897:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/util/resolver_api.c:1150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[GNUNET_OS_get_hostname_max_length () + 1];
data/gnunet-0.13.1/src/util/resolver_api.c:1239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[GNUNET_OS_get_hostname_max_length () + 1];
data/gnunet-0.13.1/src/util/scheduler.c:2376:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lsof[512];
data/gnunet-0.13.1/src/util/service.c:1464:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/service.c:1764:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nullfd = open ("/dev/null", O_RDWR | O_APPEND);
data/gnunet-0.13.1/src/util/service.c:1831:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&res[1], GNUNET_AGPL_URL, slen);
data/gnunet-0.13.1/src/util/strings.c:226:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, src, slen);
data/gnunet-0.13.1/src/util/strings.c:704:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[128];
data/gnunet-0.13.1/src/util/strings.c:758:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static GNUNET_THREAD_LOCAL char buf[255];
data/gnunet-0.13.1/src/util/strings.c:1227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zbuf[addrlen + 1];
data/gnunet-0.13.1/src/util/strings.c:1231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/strings.c:1304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/strings.c:1486:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eol[2];
data/gnunet-0.13.1/src/util/strings.c:1551:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/strings.c:1744:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/gnunet-0.13.1/src/util/strings.c:2057:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s, data, len);
data/gnunet-0.13.1/src/util/strings.c:2072:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&s[len],
data/gnunet-0.13.1/src/util/test_bio.c:203:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char meta[1024 * 1024 * 10];
data/gnunet-0.13.1/src/util/test_bio.c:244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rString[200];
data/gnunet-0.13.1/src/util/test_bio.c:261:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[102401];
data/gnunet-0.13.1/src/util/test_bio.c:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rResult[200];
data/gnunet-0.13.1/src/util/test_common_allocation.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ptrs[MAX_TESTVAL];
data/gnunet-0.13.1/src/util/test_common_allocation.c:69:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (ptrs[0], "Hello World");
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:100:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int phase_to2, char c, const char *expect_level,
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:100:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int phase_to2, char c, const char *expect_level,
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:102:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p,
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:103:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int *len, long *delay, char level[8])
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[7];
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:212:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[LOG_BUFFER_SIZE];
data/gnunet-0.13.1/src/util/test_common_logging_runtime_loglevels.c:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[8];
data/gnunet-0.13.1/src/util/test_container_bloomfilter.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SIZE];
data/gnunet-0.13.1/src/util/test_container_meta_data.c:39:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[256];
data/gnunet-0.13.1/src/util/test_container_meta_data.c:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128];
data/gnunet-0.13.1/src/util/test_container_meta_data.c:224:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[128];
data/gnunet-0.13.1/src/util/test_crypto_crc.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/util/test_crypto_hash.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char block[65536];
data/gnunet-0.13.1/src/util/test_crypto_hash.c:141:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GNUNET_assert (NULL != (f = fopen (FILENAME, "w+")));
data/gnunet-0.13.1/src/util/test_crypto_hash_context.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1234];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:38:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[22] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:41:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[13] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:44:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[10] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[42] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:51:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[44];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:67:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:75:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:83:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:91:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[82] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[84];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:115:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[22] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[42] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:123:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char result[44];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:138:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[11] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:141:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[13] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:144:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[10] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:146:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[42] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[84];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:166:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:174:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:182:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:190:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[82] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[84];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:213:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[22] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:216:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[42] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[44];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:236:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:244:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[80] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:252:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info1[34] = { 0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:258:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info2[46] = { 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, 0xd8, 0xd9,
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:266:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[82] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[84];
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:290:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ikm[32] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char salt[4] = { 0xfc, 0x62, 0x76, 0x35 };
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:295:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char info[86] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:304:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char okm[16] =
data/gnunet-0.13.1/src/util/test_crypto_hkdf.c:307:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[18];
data/gnunet-0.13.1/src/util/test_crypto_kdf.c:39:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rnd_blk[RND_BLK_SIZE];
data/gnunet-0.13.1/src/util/test_crypto_rsa.c:39:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rnd_blk[RND_BLK_SIZE];
data/gnunet-0.13.1/src/util/test_crypto_symmetric.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[100];
data/gnunet-0.13.1/src/util/test_crypto_symmetric.c:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char res[100];
data/gnunet-0.13.1/src/util/test_crypto_symmetric.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[GNUNET_CRYPTO_AES_KEY_LENGTH];
data/gnunet-0.13.1/src/util/test_disk.c:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100 + 1];
data/gnunet-0.13.1/src/util/test_hexcoder.c:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[strlen (TESTSTRING) + 1];
data/gnunet-0.13.1/src/util/test_os_network.c:43:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/util/test_os_start_process.c:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/gnunet-0.13.1/src/util/test_regex.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxv4[GNUNET_TUN_IPV4_REGEXLEN];
data/gnunet-0.13.1/src/util/test_regex.c:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rxv6[GNUNET_TUN_IPV6_REGEXLEN];
data/gnunet-0.13.1/src/util/test_resolver_api.c:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/gnunet-0.13.1/src/util/test_strings.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/gnunet-0.13.1/src/util/test_strings_to_data.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/gnunet-0.13.1/src/util/test_strings_to_data.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[128];
data/gnunet-0.13.1/src/util/test_strings_to_data.c:34:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[128];
data/gnunet-0.13.1/src/util/test_tun.c:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char payload[pll];
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:96:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (-1 == (fd = open ("/dev/net/tun", O_RDWR)))
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:389:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buftun[MAX_SIZE];
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:396:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufin[MAX_SIZE];
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev[IFNAMSIZ];
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:650:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
long prefix_len = atol (argv[3]);
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:354:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *vpn_argv[7];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:600:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dest[256];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:742:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:743:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:762:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size + sizeof(struct GNUNET_TUN_IPv4Header) + 8] GNUNET_ALIGN;
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:915:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size + sizeof(struct GNUNET_TUN_IPv6Header) + 8] GNUNET_ALIGN;
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1138:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1178:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1287:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1321:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[size] GNUNET_ALIGN;
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1504:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[GNUNET_TUN_IPV4_REGEXLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1518:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[GNUNET_TUN_IPV6_REGEXLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1707:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1708:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1709:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1732:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1733:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:2312:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:2344:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:2678:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:2679:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:2756:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/src/vpn/gnunet-vpn.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INET6_ADDRSTRLEN];
data/gnunet-0.13.1/contrib/test_gnunet_prefix.c:46:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char tmp[strlen (basename) + strlen (dirname) + 1];
data/gnunet-0.13.1/contrib/test_gnunet_prefix.c:46:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char tmp[strlen (basename) + strlen (dirname) + 1];
data/gnunet-0.13.1/src/abd/abd_api.c:450:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (issuer_attribute) + 1;
data/gnunet-0.13.1/src/abd/abd_api.c:468:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c_msg->issuer_attribute_len = htons (strlen (issuer_attribute));
data/gnunet-0.13.1/src/abd/abd_api.c:471:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (&c_msg[1], issuer_attribute, strlen (issuer_attribute));
data/gnunet-0.13.1/src/abd/abd_api.c:529:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (issuer_attribute) + 1 + clen;
data/gnunet-0.13.1/src/abd/abd_api.c:548:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v_msg->issuer_attribute_len = htons (strlen (issuer_attribute));
data/gnunet-0.13.1/src/abd/abd_api.c:551:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (&v_msg[1], issuer_attribute, strlen (issuer_attribute));
data/gnunet-0.13.1/src/abd/abd_api.c:556:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (issuer_attribute) + 1);
data/gnunet-0.13.1/src/abd/delegate_misc.c:127:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_len = strlen (iss_attr) + 1;
data/gnunet-0.13.1/src/abd/delegate_misc.c:131:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_len = strlen (iss_attr) + strlen (sub_attr) + 2;
data/gnunet-0.13.1/src/abd/delegate_misc.c:131:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_len = strlen (iss_attr) + strlen (sub_attr) + 2;
data/gnunet-0.13.1/src/abd/delegate_misc.c:136:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (tmp_str, iss_attr, strlen (iss_attr));
data/gnunet-0.13.1/src/abd/delegate_misc.c:139:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_str[strlen (iss_attr)] = '\0';
data/gnunet-0.13.1/src/abd/delegate_misc.c:140:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (tmp_str + strlen (iss_attr) + 1,
data/gnunet-0.13.1/src/abd/delegate_misc.c:142:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (sub_attr));
data/gnunet-0.13.1/src/abd/delegate_misc.c:147:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (subject_pkey),
data/gnunet-0.13.1/src/abd/delegate_misc.c:150:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (issuer_pkey),
data/gnunet-0.13.1/src/abd/delegate_misc.c:154:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (signature),
data/gnunet-0.13.1/src/abd/delegate_misc.c:163:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dele->issuer_attribute_len = strlen (iss_attr);
data/gnunet-0.13.1/src/abd/delegate_misc.c:171:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dele->subject_attribute = (char *) &dele[1] + strlen (iss_attr) + 1;
data/gnunet-0.13.1/src/abd/delegate_misc.c:172:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dele->subject_attribute_len = strlen (sub_attr);
data/gnunet-0.13.1/src/abd/delegate_misc.c:204:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_len = strlen (iss_attr) + 1;
data/gnunet-0.13.1/src/abd/delegate_misc.c:209:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_len = strlen (iss_attr) + strlen (sub_attr) + 2;
data/gnunet-0.13.1/src/abd/delegate_misc.c:209:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attr_len = strlen (iss_attr) + strlen (sub_attr) + 2;
data/gnunet-0.13.1/src/abd/delegate_misc.c:214:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (tmp_str, iss_attr, strlen (iss_attr));
data/gnunet-0.13.1/src/abd/delegate_misc.c:217:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_str[strlen (iss_attr)] = '\0';
data/gnunet-0.13.1/src/abd/delegate_misc.c:218:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (tmp_str + strlen (iss_attr) + 1,
data/gnunet-0.13.1/src/abd/delegate_misc.c:220:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (sub_attr));
data/gnunet-0.13.1/src/abd/delegate_misc.c:231:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
del->issuer_attribute_len = htonl (strlen (iss_attr) + 1);
data/gnunet-0.13.1/src/abd/delegate_misc.c:238:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
del->subject_attribute_len = htonl (strlen (sub_attr) + 1);
data/gnunet-0.13.1/src/abd/delegate_misc.c:256:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dele->issuer_attribute_len = strlen (iss_attr);
data/gnunet-0.13.1/src/abd/delegate_misc.c:264:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dele->subject_attribute = (char *) &dele[1] + strlen (iss_attr) + 1;
data/gnunet-0.13.1/src/abd/delegate_misc.c:265:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dele->subject_attribute_len = strlen (sub_attr);
data/gnunet-0.13.1/src/abd/gnunet-abd.c:409:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (issuer_key),
data/gnunet-0.13.1/src/abd/gnunet-abd.c:684:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (key_length == strlen (token))
data/gnunet-0.13.1/src/abd/gnunet-abd.c:690:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf (stderr, "Key error, wrong length: %ld!\n", strlen (token));
data/gnunet-0.13.1/src/abd/gnunet-abd.c:706:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (subject_pubkey_str),
data/gnunet-0.13.1/src/abd/gnunet-abd.c:872:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (subject),
data/gnunet-0.13.1/src/abd/gnunet-abd.c:892:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (issuer_key),
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:484:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dd->issuer_attribute_len = strlen (ch_entry->issuer_attribute) + 1;
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:490:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dd->subject_attribute_len = strlen (ch_entry->subject_attribute) + 1;
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:537:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dd[i].issuer_attribute_len = strlen (dce->issuer_attribute) + 1;
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:543:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dd[i].subject_attribute_len = strlen (dce->subject_attribute) + 1;
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:571:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dele[i].issuer_attribute_len = strlen (del->delegate->issuer_attribute) + 1;
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1141:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char issuer_attribute_name[strlen (
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1154:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (next_attr) ==
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1155:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ds_entry->unresolved_attribute_delegation))
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1161:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next_attr += strlen (next_attr) + 1;
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1279:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char issuer_attribute_name[strlen (vrh->issuer_attribute) + 1];
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1430:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (attr) > GNUNET_ABD_MAX_LENGTH)
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1476:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (issuer_attribute))
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1657:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (issuer_attribute))
data/gnunet-0.13.1/src/abd/gnunet-service-abd.c:1698:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (attr) > GNUNET_ABD_MAX_LENGTH))
data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c:211:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (subject_pkey),
data/gnunet-0.13.1/src/abd/plugin_gnsrecord_abd.c:217:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set[i].subject_attribute_len = strlen (attr_str) + 1;
data/gnunet-0.13.1/src/abe/test_cpabe.c:43:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = GNUNET_ABE_cpabe_encrypt (TESTSTRING, strlen (TESTSTRING) + 1,
data/gnunet-0.13.1/src/abe/test_cpabe.c:57:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (TESTSTRING) + 1 != size)
data/gnunet-0.13.1/src/arm/arm_api.c:842:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (service_name) + 1;
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:444:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 < strlen (unixpath)))
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:449:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (unixpath) >= sizeof(s_un.sun_path))
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:722:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen (name) + 1;
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:1329:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t next_pos = (*pool_pos) + strlen (str) + 1;
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:1333:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (pool_start + *pool_pos, str, strlen (str) + 1);
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:1367:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_size += strlen (sl->name) + 1;
data/gnunet-0.13.1/src/arm/gnunet-service-arm.c:1368:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_size += strlen (sl->binary) + 1;
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:278:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (THROUGHPUT_TEMPLATE)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:288:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f, data, strlen (data)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:308:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f, data, strlen (data)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:351:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f, RTT_TEMPLATE, strlen (
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:367:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f, data, strlen (data)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:410:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f, BW_TEMPLATE, strlen (
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:430:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f, data, strlen (data)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:490:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f_m, data, strlen (data)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:524:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f[c_s], data, strlen (data)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:565:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f_m, data, strlen (data)))
data/gnunet-0.13.1/src/ats-tests/ats-testing-log.c:619:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_SYSERR == GNUNET_DISK_file_write (f[c_s], data, strlen (
data/gnunet-0.13.1/src/ats-tests/perf_ats.c:418:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp += strlen (TESTNAME_PREFIX);
data/gnunet-0.13.1/src/ats-tests/perf_ats.c:444:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (c = 0; c <= strlen (comm_name); c++)
data/gnunet-0.13.1/src/ats-tests/perf_ats.c:463:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (c = 0; c <= strlen (pref_str); c++)
data/gnunet-0.13.1/src/ats-tool/gnunet-ats.c:731:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (opt_pid_str),
data/gnunet-0.13.1/src/ats-tool/gnunet-ats.c:742:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (cpid_str),
data/gnunet-0.13.1/src/ats-tool/gnunet-ats.c:843:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (c = 0; c < strlen (opt_type_str); c++)
data/gnunet-0.13.1/src/ats/ats_api_scheduling.c:478:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen (ar->address->transport_name) + 1;
data/gnunet-0.13.1/src/ats/ats_api_scheduling.c:654:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = strlen (address->transport_name) + 1;
data/gnunet-0.13.1/src/ats/gnunet-service-ats_addresses.c:571:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plugin_name_length = strlen (plugin_name) + 1;
data/gnunet-0.13.1/src/ats/gnunet-service-ats_performance.c:78:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t plugin_name_length = strlen (plugin_name) + 1;
data/gnunet-0.13.1/src/cadet/cadet_api.c:948:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (pd->agpl_url) + 1;
data/gnunet-0.13.1/src/cadet/gnunet-cadet.c:290:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data_size = read (0, buf, 60000);
data/gnunet-0.13.1/src/cadet/gnunet-cadet.c:603:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (peer_id),
data/gnunet-0.13.1/src/cadet/gnunet-cadet.c:727:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (listen_port, strlen (listen_port), &porthash);
data/gnunet-0.13.1/src/cadet/gnunet-cadet.c:742:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (target_id),
data/gnunet-0.13.1/src/cadet/gnunet-cadet.c:755:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (target_port, strlen (target_port), &porthash);
data/gnunet-0.13.1/src/cadet/test_cadet.c:450:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((0 == strncmp (s_sent, name, strlen (s_sent))) && (0 == i))
data/gnunet-0.13.1/src/cadet/test_cadet.c:452:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((0 == strncmp (s_recv, name, strlen (s_recv))) && (peers_requested - 1 ==
data/gnunet-0.13.1/src/cadet/test_cadet.c:455:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp (rdrops, name, strlen (rdrops)))
data/gnunet-0.13.1/src/cadet/test_cadet.c:457:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp (cdrops, name, strlen (cdrops)))
data/gnunet-0.13.1/src/consensus/gnunet-consensus-profiler.c:510:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (session_str, strlen (session_str), &session_id);
data/gnunet-0.13.1/src/consensus/gnunet-service-consensus.c:2520:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (salt),
data/gnunet-0.13.1/src/consensus/test_consensus_api.c:100:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (str, strlen (str), &session_id);
data/gnunet-0.13.1/src/conversation/conversation_api.c:646:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (line),
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:981:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((NULL != args) && (0 != strlen (args)) &&
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:984:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncasecmp (&args[1], &commands[i].command[1], strlen (args) - 1))
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:1062:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (message))
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:1068:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncasecmp (commands[i].command, message, strlen (commands[i].command))))
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:1070:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = &message[strlen (commands[i].command)];
data/gnunet-0.13.1/src/conversation/gnunet-conversation.c:1099:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle_command_string (message, strlen (message));
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback-gst.c:359:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read (0, readbuf, sizeof(readbuf));
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c:824:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
GNUNET_assert (1 == read (ready_pipe[0], &c, 1));
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-playback.c:834:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read (STDIN_FILENO,
data/gnunet-0.13.1/src/conversation/gnunet-helper-audio-record.c:740:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vendor_length = strlen (opusver);
data/gnunet-0.13.1/src/conversation/gnunet_gst.c:660:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read (0, readbuf, sizeof(readbuf));
data/gnunet-0.13.1/src/conversation/plugin_gnsrecord_conversation.c:129:17: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(1 != sscanf (s, "%103s-", line_port)) ||
data/gnunet-0.13.1/src/conversation/plugin_gnsrecord_conversation.c:132:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (dash + 1),
data/gnunet-0.13.1/src/conversation/plugin_gnsrecord_conversation.c:145:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (line_port),
data/gnunet-0.13.1/src/conversation/test_conversation_api.c:84:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phone_rdc (phone_rdc_cls, strlen (buf) + 1, buf);
data/gnunet-0.13.1/src/conversation/test_conversation_api.c:98:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
call_rdc (call_rdc_cls, strlen (buf) + 1, buf);
data/gnunet-0.13.1/src/conversation/test_conversation_api.c:134:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((data_size != strlen (buf) + 1) || (0 != strncmp (buf, data, data_size)))
data/gnunet-0.13.1/src/conversation/test_conversation_api_twocalls.c:133:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
phone_rdc (phone_rdc_cls, strlen (buf) + 1, buf);
data/gnunet-0.13.1/src/conversation/test_conversation_api_twocalls.c:147:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mc->rdc (mc->rdc_cls, strlen (buf) + 1, buf);
data/gnunet-0.13.1/src/curl/curl.c:245:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (scope_id) >= 64)
data/gnunet-0.13.1/src/curl/curl.c:247:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen (scope_id); i++)
data/gnunet-0.13.1/src/curl/curl.c:563:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (semi - ct != strlen ("application/json"))
data/gnunet-0.13.1/src/curl/curl.c:567:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("application/json")))
data/gnunet-0.13.1/src/datacache/plugin_datacache_sqlite.c:171:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (zSql),
data/gnunet-0.13.1/src/datastore/gnunet-service-datastore.c:477:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = (msg == NULL) ? 0 : strlen (msg) + 1;
data/gnunet-0.13.1/src/datastore/plugin_datastore_sqlite.c:188:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (zSql),
data/gnunet-0.13.1/src/dht/gnunet-dht-get.c:209:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (query_key, strlen (query_key), &key);
data/gnunet-0.13.1/src/dht/gnunet-dht-monitor.c:265:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (query_key, strlen (query_key), key);
data/gnunet-0.13.1/src/dht/gnunet-dht-put.c:147:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (query_key, strlen (query_key), &key);
data/gnunet-0.13.1/src/dht/gnunet-dht-put.c:164:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (data),
data/gnunet-0.13.1/src/dht/gnunet_dht_profiler.c:350:10: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) getchar ();
data/gnunet-0.13.1/src/dht/gnunet_dht_profiler.c:377:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp (s_sent, name, strlen (s_sent)))
data/gnunet-0.13.1/src/dht/gnunet_dht_profiler.c:379:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp (s_recv, name, strlen (s_recv)))
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:287:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev, IFNAMSIZ);
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:343:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev, IFNAMSIZ);
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:436:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev, IFNAMSIZ);
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:585:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:635:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
data/gnunet-0.13.1/src/dns/gnunet-helper-dns.c:906:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dev, argv[1], IFNAMSIZ);
data/gnunet-0.13.1/src/dns/gnunet-zonewalk.c:596:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (hn) > 0)
data/gnunet-0.13.1/src/dns/gnunet-zonewalk.c:597:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hn[strlen (hn) - 1] = '\0'; /* eat newline */
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:3366:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (name);
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:3525:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (section) < 8) ||
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:3526:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 != strcmp (".gnunet.", section + (strlen (section) - 8))))
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:3714:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER),
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:3739:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("dns"),
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:4005:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_IPV4_GATEWAY),
data/gnunet-0.13.1/src/exit/gnunet-daemon-exit.c:4045:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_IPV6_GATEWAY),
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:226:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev, IFNAMSIZ);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:258:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev + 5, sizeof(ifr.ifr_name) - 1);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:309:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev, IFNAMSIZ);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:398:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev, IFNAMSIZ);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:545:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:608:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
data/gnunet-0.13.1/src/exit/gnunet-helper-exit.c:750:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dev, argv[1], IFNAMSIZ);
data/gnunet-0.13.1/src/fs/fs_api.c:750:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == ent) || (0 == strlen (ent)))
data/gnunet-0.13.1/src/fs/fs_api.c:781:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == ent) || (0 == strlen (ent)))
data/gnunet-0.13.1/src/fs/fs_api.c:1217:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == end) || (0 == strlen (end)))
data/gnunet-0.13.1/src/fs/fs_api.c:1222:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_break (6 == strlen (end));
data/gnunet-0.13.1/src/fs/fs_directory.c:96:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_FS_DIRECTORY_MIME) + 1);
data/gnunet-0.13.1/src/fs/fs_directory.c:433:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (uris) + 1;
data/gnunet-0.13.1/src/fs/fs_directory.c:595:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (GNUNET_DIRECTORY_MAGIC) + sizeof(uint32_t);
data/gnunet-0.13.1/src/fs/fs_directory.c:641:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_DIRECTORY_MAGIC));
data/gnunet-0.13.1/src/fs/fs_directory.c:642:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off = strlen (GNUNET_DIRECTORY_MAGIC);
data/gnunet-0.13.1/src/fs/fs_dirmetascan.c:203:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (chld->short_filename);
data/gnunet-0.13.1/src/fs/fs_dirmetascan.c:388:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ds->pos->short_filename)
data/gnunet-0.13.1/src/fs/fs_download.c:43:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (dc->filename) >= strlen (GNUNET_FS_DIRECTORY_EXT)) &&
data/gnunet-0.13.1/src/fs/fs_download.c:43:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (dc->filename) >= strlen (GNUNET_FS_DIRECTORY_EXT)) &&
data/gnunet-0.13.1/src/fs/fs_download.c:44:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL != strstr (dc->filename + strlen (dc->filename)
data/gnunet-0.13.1/src/fs/fs_download.c:45:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
- strlen (GNUNET_FS_DIRECTORY_EXT),
data/gnunet-0.13.1/src/fs/fs_download.c:887:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fn = GNUNET_strdup (&us[strlen (GNUNET_FS_URI_CHK_PREFIX)]);
data/gnunet-0.13.1/src/fs/fs_download.c:896:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&us[strlen (GNUNET_FS_URI_CHK_PREFIX)],
data/gnunet-0.13.1/src/fs/fs_download.c:925:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (dn) >= strlen (GNUNET_FS_DIRECTORY_EXT)) &&
data/gnunet-0.13.1/src/fs/fs_download.c:925:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (dn) >= strlen (GNUNET_FS_DIRECTORY_EXT)) &&
data/gnunet-0.13.1/src/fs/fs_download.c:926:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL != strstr (dn + strlen (dn) - strlen (GNUNET_FS_DIRECTORY_EXT),
data/gnunet-0.13.1/src/fs/fs_download.c:926:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL != strstr (dn + strlen (dn) - strlen (GNUNET_FS_DIRECTORY_EXT),
data/gnunet-0.13.1/src/fs/fs_download.c:929:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((strlen (sfn) > 0) && ('/' == filename[strlen (sfn) - 1]))
data/gnunet-0.13.1/src/fs/fs_download.c:929:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((strlen (sfn) > 0) && ('/' == filename[strlen (sfn) - 1]))
data/gnunet-0.13.1/src/fs/fs_download.c:930:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sfn[strlen (sfn) - 1] = '\0';
data/gnunet-0.13.1/src/fs/fs_download.c:931:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (dn) >= strlen (GNUNET_FS_DIRECTORY_EXT)) &&
data/gnunet-0.13.1/src/fs/fs_download.c:931:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (dn) >= strlen (GNUNET_FS_DIRECTORY_EXT)) &&
data/gnunet-0.13.1/src/fs/fs_download.c:932:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL != strstr (dn + strlen (dn) - strlen (GNUNET_FS_DIRECTORY_EXT),
data/gnunet-0.13.1/src/fs/fs_download.c:932:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL != strstr (dn + strlen (dn) - strlen (GNUNET_FS_DIRECTORY_EXT),
data/gnunet-0.13.1/src/fs/fs_download.c:934:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dn[strlen (dn) - strlen (GNUNET_FS_DIRECTORY_EXT)] = '\0';
data/gnunet-0.13.1/src/fs/fs_download.c:934:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dn[strlen (dn) - strlen (GNUNET_FS_DIRECTORY_EXT)] = '\0';
data/gnunet-0.13.1/src/fs/fs_download.c:936:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (filename) < strlen (GNUNET_FS_DIRECTORY_EXT)) ||
data/gnunet-0.13.1/src/fs/fs_download.c:936:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (filename) < strlen (GNUNET_FS_DIRECTORY_EXT)) ||
data/gnunet-0.13.1/src/fs/fs_download.c:937:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL == strstr (filename + strlen (filename)
data/gnunet-0.13.1/src/fs/fs_download.c:938:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
- strlen (GNUNET_FS_DIRECTORY_EXT),
data/gnunet-0.13.1/src/fs/fs_file_information.c:155:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (fn) + 1);
data/gnunet-0.13.1/src/fs/fs_getopt.c:68:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (value);
data/gnunet-0.13.1/src/fs/fs_getopt.c:108:7: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (val, " ");
data/gnunet-0.13.1/src/fs/fs_getopt.c:196:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) >= strlen (typename) + 1) &&
data/gnunet-0.13.1/src/fs/fs_getopt.c:196:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) >= strlen (typename) + 1) &&
data/gnunet-0.13.1/src/fs/fs_getopt.c:197:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(tmp[strlen (typename)] == ':') &&
data/gnunet-0.13.1/src/fs/fs_getopt.c:198:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strncmp (typename, tmp, strlen (typename))))
data/gnunet-0.13.1/src/fs/fs_getopt.c:203:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&tmp[strlen (typename) + 1],
data/gnunet-0.13.1/src/fs/fs_getopt.c:204:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (&tmp[strlen (typename) + 1])
data/gnunet-0.13.1/src/fs/fs_getopt.c:204:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (&tmp[strlen (typename) + 1])
data/gnunet-0.13.1/src/fs/fs_getopt.c:210:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) >= strlen (typename_i18n) + 1) &&
data/gnunet-0.13.1/src/fs/fs_getopt.c:210:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) >= strlen (typename_i18n) + 1) &&
data/gnunet-0.13.1/src/fs/fs_getopt.c:211:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(tmp[strlen (typename_i18n)] == ':') &&
data/gnunet-0.13.1/src/fs/fs_getopt.c:212:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strncmp (typename_i18n, tmp, strlen (typename_i18n))))
data/gnunet-0.13.1/src/fs/fs_getopt.c:217:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&tmp[strlen (typename_i18n) + 1],
data/gnunet-0.13.1/src/fs/fs_getopt.c:218:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (&tmp
data/gnunet-0.13.1/src/fs/fs_getopt.c:219:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
[strlen (typename_i18n) + 1])
data/gnunet-0.13.1/src/fs/fs_getopt.c:233:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp, strlen (tmp) + 1);
data/gnunet-0.13.1/src/fs/fs_namespace.c:647:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (nsn->update, strlen (nsn->update), &hc);
data/gnunet-0.13.1/src/fs/fs_namespace.c:711:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (nsn->id, strlen (nsn->id), &hc);
data/gnunet-0.13.1/src/fs/fs_namespace.c:720:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (next_id, strlen (next_id), &hc);
data/gnunet-0.13.1/src/fs/fs_namespace.c:748:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (nsn->update, strlen (nsn->update), &hc);
data/gnunet-0.13.1/src/fs/fs_namespace.c:780:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (nsn->id, strlen (nsn->id), &hc);
data/gnunet-0.13.1/src/fs/fs_publish.c:849:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (fn) + 1;
data/gnunet-0.13.1/src/fs/fs_publish_ublock.c:57:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"UBLOCK-ENC", strlen ("UBLOCK-ENC"),
data/gnunet-0.13.1/src/fs/fs_publish_ublock.c:58:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label, strlen (label),
data/gnunet-0.13.1/src/fs/fs_publish_ublock.c:212:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (uris) + 1;
data/gnunet-0.13.1/src/fs/fs_publish_ublock.c:216:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ulen = strlen (ulabel) + 1;
data/gnunet-0.13.1/src/fs/fs_search.c:728:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (id_update))
data/gnunet-0.13.1/src/fs/fs_sharetree.c:162:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
klen = strlen (keyword) + 1;
data/gnunet-0.13.1/src/fs/fs_sharetree.c:246:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
klen = strlen (keyword) + 1;
data/gnunet-0.13.1/src/fs/fs_sharetree.c:355:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 != strncasecmp (user, tree->short_filename, strlen (user))))
data/gnunet-0.13.1/src/fs/fs_sharetree.c:364:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (tree->short_filename) + 1);
data/gnunet-0.13.1/src/fs/fs_uri.c:114:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (uri->data.sks.identifier),
data/gnunet-0.13.1/src/fs/fs_uri.c:122:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (uri->data.ksk.keywords[0]),
data/gnunet-0.13.1/src/fs/fs_uri.c:175:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen (keyword) - 1;
data/gnunet-0.13.1/src/fs/fs_uri.c:182:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (ret, "");
data/gnunet-0.13.1/src/fs/fs_uri.c:188:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ret, "\"");
data/gnunet-0.13.1/src/fs/fs_uri.c:193:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ret, "\"");
data/gnunet-0.13.1/src/fs/fs_uri.c:202:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (ret, " ");
data/gnunet-0.13.1/src/fs/fs_uri.c:260:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = GNUNET_malloc (strlen (out) + 2);
data/gnunet-0.13.1/src/fs/fs_uri.c:261:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (ret, " ");
data/gnunet-0.13.1/src/fs/fs_uri.c:291:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (s);
data/gnunet-0.13.1/src/fs/fs_uri.c:292:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen (GNUNET_FS_URI_KSK_PREFIX);
data/gnunet-0.13.1/src/fs/fs_uri.c:380:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen (GNUNET_FS_URI_SKS_PREFIX);
data/gnunet-0.13.1/src/fs/fs_uri.c:381:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (s) <= pos) || (0 != strncmp (s, GNUNET_FS_URI_SKS_PREFIX, pos)))
data/gnunet-0.13.1/src/fs/fs_uri.c:423:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (s);
data/gnunet-0.13.1/src/fs/fs_uri.c:424:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen (GNUNET_FS_URI_CHK_PREFIX);
data/gnunet-0.13.1/src/fs/fs_uri.c:517:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (s);
data/gnunet-0.13.1/src/fs/fs_uri.c:518:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen (GNUNET_FS_URI_LOC_PREFIX);
data/gnunet-0.13.1/src/fs/fs_uri.c:556:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (&s[npos]) <= GNUNET_CRYPTO_PKEY_ASCII_LENGTH + 1) ||
data/gnunet-0.13.1/src/fs/fs_uri.c:578:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (&s[npos]) <= SIGNATURE_ASCII_LENGTH + 1) ||
data/gnunet-0.13.1/src/fs/fs_uri.c:1169:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((argc == 1) && (strlen (argv[0]) > strlen (GNUNET_FS_URI_PREFIX)) &&
data/gnunet-0.13.1/src/fs/fs_uri.c:1169:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((argc == 1) && (strlen (argv[0]) > strlen (GNUNET_FS_URI_PREFIX)) &&
data/gnunet-0.13.1/src/fs/fs_uri.c:1172:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_FS_URI_PREFIX))) &&
data/gnunet-0.13.1/src/fs/fs_uri.c:1476:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ((char *) str_to_normalize),
data/gnunet-0.13.1/src/fs/fs_uri.c:1662:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
normalize_metadata (EXTRACTOR_METAFORMAT_UTF8, p, strlen (p));
data/gnunet-0.13.1/src/fs/fs_uri.c:1868:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = keywordCount + strlen (GNUNET_FS_URI_PREFIX)
data/gnunet-0.13.1/src/fs/fs_uri.c:1869:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (GNUNET_FS_URI_KSK_INFIX) + 1;
data/gnunet-0.13.1/src/fs/fs_uri.c:1873:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (keyword);
data/gnunet-0.13.1/src/fs/fs_uri.c:1889:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wpos = strlen (ret);
data/gnunet-0.13.1/src/fs/fs_uri.c:1893:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (keyword);
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:171:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(DIR_SEPARATOR == dir_name[strlen (dir_name) - 1])
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:218:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (wi->filename, strlen (wi->filename), &id);
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:402:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (wi->filename, strlen (wi->filename), &key);
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:527:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (filename, strlen (filename), &fx[0]);
data/gnunet-0.13.1/src/fs/gnunet-auto-share.c:573:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (filename, strlen (filename), &key);
data/gnunet-0.13.1/src/fs/gnunet-daemon-fsprofiler.c:198:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (0 == strlen (pattern)) ? GNUNET_OK : GNUNET_SYSERR;
data/gnunet-0.13.1/src/fs/gnunet-download.c:96:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buf, "=");
data/gnunet-0.13.1/src/fs/gnunet-download.c:98:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buf, " ");
data/gnunet-0.13.1/src/fs/gnunet-helper-fs-publish.c:324:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (filename) + 1))
data/gnunet-0.13.1/src/fs/gnunet-helper-fs-publish.c:338:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (filename) + 1))
data/gnunet-0.13.1/src/fs/gnunet-helper-fs-publish.c:397:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (item->filename) + 1;
data/gnunet-0.13.1/src/fs/gnunet-search.c:176:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((filename[0] != '\0') && ('/' == filename[strlen (filename) - 1]))
data/gnunet-0.13.1/src/fs/gnunet-search.c:177:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename[strlen (filename) - 1] = '\0';
data/gnunet-0.13.1/src/fs/gnunet-service-fs_cadet_client.c:471:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_FS_BLOCK_TRANSFER),
data/gnunet-0.13.1/src/fs/gnunet-service-fs_cadet_client.c:605:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_FS_BLOCK_TRANSFER),
data/gnunet-0.13.1/src/fs/gnunet-service-fs_cadet_server.c:508:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_FS_BLOCK_TRANSFER),
data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.c:202:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (fname) + 1;
data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.c:390:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (fn) + 1;
data/gnunet-0.13.1/src/fs/gnunet-service-fs_indexing.c:464:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (filename) + 1;
data/gnunet-0.13.1/src/fs/test_fs_directory.c:92:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"A title", strlen ("A title") + 1);
data/gnunet-0.13.1/src/fs/test_fs_directory.c:96:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"An author", strlen ("An author") + 1);
data/gnunet-0.13.1/src/fs/test_fs_directory.c:110:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"text/plain", txt, strlen (txt) + 1);
data/gnunet-0.13.1/src/gns/gns_api.c:366:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (name) + 1;
data/gnunet-0.13.1/src/gns/gns_tld_api.c:129:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (0 < strlen (name));
data/gnunet-0.13.1/src/gns/gns_tld_api.c:130:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == tld) || (strlen (name) == strlen (tld)))
data/gnunet-0.13.1/src/gns/gns_tld_api.c:130:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == tld) || (strlen (name) == strlen (tld)))
data/gnunet-0.13.1/src/gns/gns_tld_api.c:136:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (tld) < strlen (name));
data/gnunet-0.13.1/src/gns/gns_tld_api.c:136:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (tld) < strlen (name));
data/gnunet-0.13.1/src/gns/gns_tld_api.c:137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen (name) - strlen (tld) - 1] = '\0';
data/gnunet-0.13.1/src/gns/gns_tld_api.c:137:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name[strlen (name) - strlen (tld) - 1] = '\0';
data/gnunet-0.13.1/src/gns/gns_tld_api.c:214:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (ego_name) < strlen (ltr->name));
data/gnunet-0.13.1/src/gns/gns_tld_api.c:214:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (ego_name) < strlen (ltr->name));
data/gnunet-0.13.1/src/gns/gns_tld_api.c:215:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltr->name[strlen (ltr->name) - strlen (ego_name) - 1] = '\0';
data/gnunet-0.13.1/src/gns/gns_tld_api.c:215:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ltr->name[strlen (ltr->name) - strlen (ego_name) - 1] = '\0';
data/gnunet-0.13.1/src/gns/gns_tld_api.c:264:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_ecdsa_public_key_from_string (tld, strlen (tld), &pkey))
data/gnunet-0.13.1/src/gns/gns_tld_api.c:285:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (zonestr),
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:170:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (gnskey),
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:208:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (gpg_fp);
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:476:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MHD_create_response_from_buffer (strlen (INVALID_GNSKEY),
data/gnunet-0.13.1/src/gns/gnunet-bcd.c:482:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
not_found_response = MHD_create_response_from_buffer (strlen (NOT_FOUND),
data/gnunet-0.13.1/src/gns/gnunet-gns-benchmark.c:461:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = strlen (hostname) + 1;
data/gnunet-0.13.1/src/gns/gnunet-gns-benchmark.c:495:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (in) > 0)
data/gnunet-0.13.1/src/gns/gnunet-gns-benchmark.c:496:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hn[strlen (in) - 1] = '\0'; /* eat newline */
data/gnunet-0.13.1/src/gns/gnunet-gns-benchmark.c:497:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((2 != sscanf (in,
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1180:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_cookie_hdr = GNUNET_malloc (strlen (hdr_val)
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1181:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (s5r->domain) + 1);
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1188:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (" domain"))) &&
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1192:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cookie_domain = tok + strlen (" domain") + 1;
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1193:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cookie_domain) < strlen (s5r->leho))
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1193:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (cookie_domain) < strlen (s5r->leho))
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1195:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delta_cdomain = strlen (s5r->leho) - strlen (cookie_domain);
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1195:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
delta_cdomain = strlen (s5r->leho) - strlen (cookie_domain);
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1228:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (tok));
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1229:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += strlen (tok);
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1254:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (leho_host)))
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1262:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hdr_val + strlen (leho_host));
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1279:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (leho_host)))
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:1299:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strlen (hdr_val)) /* Rely in MHD to set those */
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:2725:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("ZZ"));
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:2730:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("GNU Name System"));
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:2735:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (name));
data/gnunet-0.13.1/src/gns/gnunet-gns-proxy.c:3891:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
= MHD_create_response_from_buffer (strlen (page),
data/gnunet-0.13.1/src/gns/gnunet-service-gns.c:497:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (value),
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:567:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t s_len = strlen (name);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:966:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rh->name_resolution_pos = strlen (rh->name);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:985:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (rh->leho),
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1142:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rd[rd_count - skip].data_size = strlen (rh->leho);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1256:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (cname);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1274:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rh->name_resolution_pos = strlen (res);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1299:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (cname) - (strlen (tld) + 1),
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1299:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (cname) - (strlen (tld) + 1),
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1308:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen (cname) - (strlen (tld) + 1),
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1308:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen (cname) - (strlen (tld) + 1),
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1311:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rh->name_resolution_pos = strlen (res);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1342:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rh->name_resolution_pos = strlen (rh->name);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1773:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen (ip) + 1;
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1866:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gp->rh->name_resolution_pos = strlen (ip) - strlen (tld) - 1;
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1866:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gp->rh->name_resolution_pos = strlen (ip) - strlen (tld) - 1;
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1884:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (ns) <= GNUNET_DNSPARSER_MAX_NAME_LENGTH);
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:1919:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (ac->label) > GNUNET_DNSPARSER_MAX_NAME_LENGTH)
data/gnunet-0.13.1/src/gns/gnunet-service-gns_resolver.c:2883:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rh->name_resolution_pos = strlen (name);
data/gnunet-0.13.1/src/gns/nss/nss_gns.c:100:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (name) + 1)
data/gnunet-0.13.1/src/gns/nss/nss_gns.c:150:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
idx += strlen (name) + 1;
data/gnunet-0.13.1/src/gns/nss/nss_gns_query.c:107:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (line[strlen (line) - 1] == '\n')
data/gnunet-0.13.1/src/gns/nss/nss_gns_query.c:109:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line[strlen (line) - 1] = '\0';
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:164:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_ecdsa_public_key_from_string (s, strlen (s), &pkey))
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:178:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = strlen (s);
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:183:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = strlen (s);
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:219:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (&nsbuf[off], at, strlen (at) + 1);
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:220:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen (at) + 1;
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:234:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (3 != sscanf (s, "%u %103s %253s", &proto, s_peer, s_serv))
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:241:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = sizeof(struct GNUNET_TUN_GnsVpnRecord) + strlen (s_serv) + 1;
data/gnunet-0.13.1/src/gns/plugin_gnsrecord_gns.c:245:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (s_peer),
data/gnunet-0.13.1/src/gns/plugin_rest_gns.c:283:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_GNS) < strlen (handle->url))
data/gnunet-0.13.1/src/gns/plugin_rest_gns.c:283:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_GNS) < strlen (handle->url))
data/gnunet-0.13.1/src/gns/plugin_rest_gns.c:285:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = &handle->url[strlen (GNUNET_REST_API_NS_GNS) + 1];
data/gnunet-0.13.1/src/gns/plugin_rest_gns.c:295:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 >= strlen (name))
data/gnunet-0.13.1/src/gns/plugin_rest_gns.c:306:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_REST_GNS_PARAM_RECORD_TYPE),
data/gnunet-0.13.1/src/gns/plugin_rest_gns.c:403:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle->url[strlen (handle->url) - 1] == '/')
data/gnunet-0.13.1/src/gns/plugin_rest_gns.c:404:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->url[strlen (handle->url) - 1] = '\0';
data/gnunet-0.13.1/src/gns/test_gns_proxy.c:215:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen (url),
data/gnunet-0.13.1/src/gns/test_gns_proxy.c:316:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cbc.pos != strlen ("/hello_world"))
data/gnunet-0.13.1/src/gns/test_gns_proxy.c:321:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp ("/hello_world", cbc.buf, strlen ("/hello_world")))
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_crypto.c:59:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx_key, strlen (ctx_key),
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_crypto.c:61:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label, strlen (label),
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_crypto.c:65:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx_iv, strlen (ctx_iv),
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_crypto.c:67:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label, strlen (label),
data/gnunet-0.13.1/src/gnsrecord/gnsrecord_misc.c:269:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (zkey),
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:455:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == certp) || (0 == strlen (certp)))
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:461:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (certp),
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:505:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (7 != sscanf (s,
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:570:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (2 != sscanf (s, "%u,%253s", &mx_pref, mxhost))
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:604:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (4 != sscanf (s, "%u %u %u %253s", &priority, &weight, &port,
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:633:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = strlen (s);
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:653:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (s) + 1;
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:666:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = sizeof(struct GNUNET_TUN_DnsTlsaRecord) + strlen (hex) / 2;
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:671:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (hex) / 2 != GNUNET_DNSPARSER_hex_to_bin (hex, &tlsa[1]))
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:688:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char value[strlen (s) + 1]; // Should be more than enough
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:698:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = sizeof(struct GNUNET_DNSPARSER_CaaRecord) + strlen (tag)
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:699:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (value);
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:702:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (&caa[1], tag, strlen (tag));
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:703:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
caa->tag_len = strlen (tag);
data/gnunet-0.13.1/src/gnsrecord/plugin_gnsrecord_dns.c:704:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy ((char *) &caa[1] + caa->tag_len, value, strlen (value));
data/gnunet-0.13.1/src/hello/address.c:58:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (address->transport_name) + 1;
data/gnunet-0.13.1/src/hello/address.c:83:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (transport_name) + 1;
data/gnunet-0.13.1/src/hello/hello-ng.c:81:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (address, strlen (address), &sa.h_addr);
data/gnunet-0.13.1/src/hello/hello-ng.c:164:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (raw_addr, strlen (raw_addr), &sa.h_addr);
data/gnunet-0.13.1/src/hello/hello.c:118:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (address->transport_name) + 1;
data/gnunet-0.13.1/src/hello/hello.c:990:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (addr)))
data/gnunet-0.13.1/src/hello/hello.c:997:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (client_str)); /* Replace all server addresses with client addresses */
data/gnunet-0.13.1/src/hello/hello.c:1179:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (uri_address) + 1,
data/gnunet-0.13.1/src/hello/hello.c:1229:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_HELLO_URI_PREFIX)))
data/gnunet-0.13.1/src/hello/hello.c:1231:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pks = &uri[strlen (GNUNET_HELLO_URI_PREFIX)];
data/gnunet-0.13.1/src/hello/hello.c:1236:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_FRIEND_HELLO_URI_PREFIX)))
data/gnunet-0.13.1/src/hello/hello.c:1238:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pks = &uri[strlen (GNUNET_FRIEND_HELLO_URI_PREFIX)];
data/gnunet-0.13.1/src/hello/hello.c:1247:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(NULL == exc) ? strlen (pks) : (exc - pks),
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c:445:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (servers) > 0)
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c:448:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen (servers) - 1;
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c:466:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen (servers) - 1;
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c:1250:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_size = strlen (uri) + 1;
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c:1432:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostlist = GNUNET_malloc (sizeof(struct Hostlist) + strlen (uri) + 1);
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_client.c:1435:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (&hostlist[1], uri, strlen (uri) + 1);
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_server.c:444:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri_size = strlen (hostlist_uri) + 1;
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_server.c:486:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (hostlist_uri) + 1;
data/gnunet-0.13.1/src/hostlist/gnunet-daemon-hostlist_server.c:702:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (hostname);
data/gnunet-0.13.1/src/identity/gnunet-identity.c:407:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (privkey_ego),
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:222:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
elen = strlen (emsg) + 1;
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:249:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (NULL == ego->identifier) ? 0 : (strlen (ego->identifier) + 1);
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:274:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (NULL == servicename) ? 0 : (strlen (servicename) + 1);
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:417:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (ego->identifier) <= strlen (name)) &&
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:417:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (ego->identifier) <= strlen (name)) &&
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:419:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&name[strlen (name) - strlen (ego->identifier)])) &&
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:419:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&name[strlen (name) - strlen (ego->identifier)])) &&
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:420:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (name) == strlen (ego->identifier)) ||
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:420:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (name) == strlen (ego->identifier)) ||
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:421:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
('.' == name[strlen (name) - strlen (ego->identifier) - 1])) &&
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:421:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
('.' == name[strlen (name) - strlen (ego->identifier) - 1])) &&
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:423:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (ego->identifier) > strlen (lprefix->identifier))))
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:423:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (ego->identifier) > strlen (lprefix->identifier))))
data/gnunet-0.13.1/src/identity/gnunet-service-identity.c:648:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (NULL == ego->identifier) ? 0 : (strlen (ego->identifier) + 1);
data/gnunet-0.13.1/src/identity/identity_api.c:645:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (service_name) + 1;
data/gnunet-0.13.1/src/identity/identity_api.c:691:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (service_name) + 1;
data/gnunet-0.13.1/src/identity/identity_api.c:737:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (name) + 1;
data/gnunet-0.13.1/src/identity/identity_api.c:788:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen_old = strlen (old_name) + 1;
data/gnunet-0.13.1/src/identity/identity_api.c:789:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen_new = strlen (new_name) + 1;
data/gnunet-0.13.1/src/identity/identity_api.c:838:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (name) + 1;
data/gnunet-0.13.1/src/identity/identity_api_lookup.c:209:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (name) + 1;
data/gnunet-0.13.1/src/identity/identity_api_suffix_lookup.c:205:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (suffix) + 1;
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:431:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:431:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:437:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
subsystem = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:486:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash ("private", strlen ("private"), &key);
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:539:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash ("private", strlen ("private"), &key);
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:581:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:581:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:588:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keystring = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:621:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_NAME) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:621:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_NAME) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:628:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
egoname = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_NAME) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:751:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 >= strlen (newname))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:804:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:804:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:811:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keystring = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:844:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_NAME) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:844:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_NAME) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:851:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_NAME) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:889:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:889:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:896:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_SUBSYSTEM) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:950:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 >= strlen (newsubsys))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:999:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY) != strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:999:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY) != strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1042:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 >= strlen (egoname))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1066:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (privkey),
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1101:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1101:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1108:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
keystring = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_PUBKEY) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1145:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_NAME) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1145:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_NAME) >= strlen (handle->url))
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1152:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = &handle->url[strlen (GNUNET_REST_API_NS_IDENTITY_NAME) + 1];
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1364:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle->url[strlen (handle->url) - 1] == '/')
data/gnunet-0.13.1/src/identity/plugin_rest_identity.c:1365:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->url[strlen (handle->url) - 1] = '\0';
data/gnunet-0.13.1/src/include/gnunet_crypto_lib.h:625:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash_from_string2 (enc, strlen (enc), result)
data/gnunet-0.13.1/src/json/json_helper.c:68:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (enc);
data/gnunet-0.13.1/src/json/json_helper.c:138:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (strlen (str) * 5) / 8;
data/gnunet-0.13.1/src/json/json_helper.c:146:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (str),
data/gnunet-0.13.1/src/json/json_helper.c:887:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (enc);
data/gnunet-0.13.1/src/json/json_helper.c:982:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = (strlen (str) * 5) / 8;
data/gnunet-0.13.1/src/json/json_helper.c:985:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (str),
data/gnunet-0.13.1/src/json/test_json_mhd.c:137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (str);
data/gnunet-0.13.1/src/my/my_query_helper.c:130:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
.data_len = strlen (ptr)
data/gnunet-0.13.1/src/my/test_my.c:120:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_MY_query_param_fixed_size (msg, strlen (msg)),
data/gnunet-0.13.1/src/my/test_my.c:212:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_break (strlen (msg) == msg2_len);
data/gnunet-0.13.1/src/my/test_my.c:218:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_break (strlen (msg3) == strlen (msg4));
data/gnunet-0.13.1/src/my/test_my.c:218:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_break (strlen (msg3) == strlen (msg4));
data/gnunet-0.13.1/src/mysql/mysql.c:452:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != mysql_stmt_prepare (sh->statement, sh->query, strlen (sh->query)))
data/gnunet-0.13.1/src/namecache/gnunet-namecache.c:180:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_ecdsa_public_key_from_string (pkey, strlen (pkey), &pubkey))
data/gnunet-0.13.1/src/namecache/plugin_namecache_flat.c:173:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (block),
data/gnunet-0.13.1/src/namecache/plugin_namecache_flat.c:228:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (line));
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:311:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen (full_page),
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:371:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bytes_free < (strlen (name) + strlen (pkey) + 40))
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:371:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bytes_free < (strlen (name) + strlen (pkey) + 40))
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:383:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zr->write_offset = strlen (zr->zoneinfo);
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:445:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen (MAIN_PAGE),
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:481:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen (reply),
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:716:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (request->public_key),
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:826:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/namestore/gnunet-namestore-fcfsd.c:888:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen (METHOD_ERROR),
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1043:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (nickstring))
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1193:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (reverse_pkey),
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1216:16: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((2 != (sscanf (uri, "gnunet://gns/%52s/%63s", sh, sname))) ||
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1218:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_ecdsa_public_key_from_string (sh, strlen (sh), &pkey)))
data/gnunet-0.13.1/src/namestore/gnunet-namestore.c:1415:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (pkey_str),
data/gnunet-0.13.1/src/namestore/gnunet-service-namestore.c:757:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (name) + 1;
data/gnunet-0.13.1/src/namestore/gnunet-service-namestore.c:1628:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (NULL == name) ? 0 : strlen (name) + 1;
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:1432:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (fqdn, strlen (fqdn) + 1, &hc);
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:1544:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hlen = strlen (hostname) + 1;
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:1680:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (hn) > 0)
data/gnunet-0.13.1/src/namestore/gnunet-zoneimport.c:1681:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hn[strlen (hn) - 1] = '\0'; /* eat newline */
data/gnunet-0.13.1/src/namestore/namestore_api.c:999:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (label) + 1;
data/gnunet-0.13.1/src/namestore/namestore_api.c:1093:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (1 == (label_len = strlen (label) + 1))
data/gnunet-0.13.1/src/namestore/plugin_namestore_flat.c:97:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label_len = strlen (label);
data/gnunet-0.13.1/src/namestore/plugin_namestore_flat.c:277:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (record_data_b64),
data/gnunet-0.13.1/src/namestore/plugin_namestore_flat.c:302:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (zone_private_key),
data/gnunet-0.13.1/src/namestore/plugin_namestore_flat.c:395:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (line));
data/gnunet-0.13.1/src/namestore/plugin_namestore_flat.c:482:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (label));
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:616:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_NAMESTORE) + 1 >= strlen (handle->url))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:616:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_NAMESTORE) + 1 >= strlen (handle->url))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:623:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
egoname = &handle->url[strlen (GNUNET_REST_API_NS_NAMESTORE) + 1];
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:634:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash ("record_type", strlen ("record_type"), &key);
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:646:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
labelname = &egoname[strlen (ego_entry->identifier)];
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:648:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (1 >= strlen (labelname))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:764:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 >= strlen (handle->record_name))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:778:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_NAMESTORE) + 1 >= strlen (handle->url))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:778:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_NAMESTORE) + 1 >= strlen (handle->url))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:785:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
egoname = &handle->url[strlen (GNUNET_REST_API_NS_NAMESTORE) + 1];
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:869:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_NAMESTORE) + 1 >= strlen (handle->url))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:869:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_NAMESTORE) + 1 >= strlen (handle->url))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:876:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
egoname = &handle->url[strlen (GNUNET_REST_API_NS_NAMESTORE) + 1];
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:886:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
labelname = &egoname[strlen (ego_entry->identifier)];
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:888:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (1 >= strlen (labelname))
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:1050:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle->url[strlen (handle->url) - 1] == '/')
data/gnunet-0.13.1/src/namestore/plugin_rest_namestore.c:1051:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->url[strlen (handle->url) - 1] = '\0';
data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_nick.c:147:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rd[c].data_size != strlen (TEST_NICK) + 1)
data/gnunet-0.13.1/src/namestore/test_namestore_api_lookup_nick.c:300:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rd.data_size = strlen (TEST_NICK) + 1;
data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_nick.c:321:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rd.data_size = strlen (ZONE_NICK_2) + 1;
data/gnunet-0.13.1/src/namestore/test_namestore_api_zone_iteration_nick.c:387:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rd.data_size = strlen (ZONE_NICK_1) + 1;
data/gnunet-0.13.1/src/nat/gnunet-helper-nat-server.c:381:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
have = read (icmpsock, buf, sizeof(buf));
data/gnunet-0.13.1/src/nat/gnunet-service-nat.c:1375:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (']' != (ch->hole_external[strlen (ch->hole_external) - 1]))
data/gnunet-0.13.1/src/nat/gnunet-service-nat.c:1383:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch->hole_external[strlen (ch->hole_external) - 1] = '\0';
data/gnunet-0.13.1/src/nat/gnunet-service-nat_mini.c:417:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen ("ExternalIPAddress = ");
data/gnunet-0.13.1/src/nat/nat_api.c:397:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen (config_section) + 1;
data/gnunet-0.13.1/src/peerinfo-tool/gnunet-peerinfo.c:281:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strlen (address))
data/gnunet-0.13.1/src/peerinfo-tool/plugin_rest_peerinfo.c:490:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strlen (address))
data/gnunet-0.13.1/src/peerinfo-tool/plugin_rest_peerinfo.c:641:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_REST_PEERINFO_FRIEND),
data/gnunet-0.13.1/src/peerinfo-tool/plugin_rest_peerinfo.c:657:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_REST_PEERINFO_PEER),
data/gnunet-0.13.1/src/peerinfo-tool/plugin_rest_peerinfo.c:753:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle->url[strlen (handle->url) - 1] == '/')
data/gnunet-0.13.1/src/peerinfo-tool/plugin_rest_peerinfo.c:754:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->url[strlen (handle->url) - 1] = '\0';
data/gnunet-0.13.1/src/peerinfo/gnunet-service-peerinfo.c:522:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == filename) || (1 > strlen (filename)))
data/gnunet-0.13.1/src/peerinfo/gnunet-service-peerinfo.c:562:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (filename),
data/gnunet-0.13.1/src/peerinfo/perf_peerinfo_api.c:96:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
address.address_length = strlen (caddress) + 1;
data/gnunet-0.13.1/src/peerstore/peerstore_common.c:45:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sssize = strlen (sub_system) + 1;
data/gnunet-0.13.1/src/peerstore/peerstore_common.c:47:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksize = strlen (key) + 1;
data/gnunet-0.13.1/src/peerstore/peerstore_common.c:92:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ss_size = strlen (sub_system) + 1;
data/gnunet-0.13.1/src/peerstore/peerstore_common.c:96:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_size = strlen (key) + 1;
data/gnunet-0.13.1/src/peerstore/perf_peerstore_store.c:54:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_PEERSTORE_store (h, ss, &p, k, v, strlen (v) + 1,
data/gnunet-0.13.1/src/peerstore/plugin_peerstore_flat.c:307:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (peer_id),
data/gnunet-0.13.1/src/peerstore/plugin_peerstore_flat.c:445:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (peer),
data/gnunet-0.13.1/src/peerstore/plugin_peerstore_flat.c:456:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (value),
data/gnunet-0.13.1/src/peerstore/plugin_peerstore_flat.c:469:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (peer_id),
data/gnunet-0.13.1/src/peerstore/plugin_peerstore_flat.c:513:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (line));
data/gnunet-0.13.1/src/peerstore/plugin_peerstore_sqlite.c:483:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (sql),
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_iterate.c:132:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val) + 1,
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_iterate.c:142:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val) + 1,
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_iterate.c:152:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val) + 1,
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c:52:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert ((strlen (val3) + 1) == record->value_size);
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c:92:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val3) + 1,
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c:109:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (((strlen (val1) + 1) == record->value_size) ||
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c:110:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((strlen (val2) + 1) == record->value_size));
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c:147:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val2) + 1,
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c:164:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert ((strlen (val1) + 1) == record->value_size);
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_store.c:201:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val1) + 1,
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_sync.c:156:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val, strlen (val) + 1,
data/gnunet-0.13.1/src/peerstore/test_peerstore_api_watch.c:79:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val) + 1,
data/gnunet-0.13.1/src/peerstore/test_plugin_peerstore.c:119:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (testval)));
data/gnunet-0.13.1/src/peerstore/test_plugin_peerstore.c:158:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("test_value"),
data/gnunet-0.13.1/src/pq/pq_connect.c:153:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (load_path) + 10;
data/gnunet-0.13.1/src/pq/pq_connect.c:216:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (load_path) + 10;
data/gnunet-0.13.1/src/pq/pq_query_helper.c:93:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return GNUNET_PQ_query_param_fixed_size (ptr, strlen (ptr));
data/gnunet-0.13.1/src/pq/test_pq.c:126:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_PQ_query_param_fixed_size (msg, strlen (msg)),
data/gnunet-0.13.1/src/pq/test_pq.c:192:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_break (strlen (msg) == msg2_len);
data/gnunet-0.13.1/src/pt/gnunet-daemon-pt.c:1062:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_INTERNET_RESOLVER),
data/gnunet-0.13.1/src/pt/gnunet-daemon-pt.c:1274:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("dns"),
data/gnunet-0.13.1/src/pt/test_gns_vpn.c:148:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen (url),
data/gnunet-0.13.1/src/pt/test_gns_vpn.c:264:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cbc.pos != strlen ("/hello_world"))
data/gnunet-0.13.1/src/pt/test_gns_vpn.c:269:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp ("/hello_world", cbc.buf, strlen ("/hello_world")))
data/gnunet-0.13.1/src/pt/test_gnunet_vpn.c:125:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MHD_create_response_from_buffer (strlen (url), (void *) url,
data/gnunet-0.13.1/src/pt/test_gnunet_vpn.c:213:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cbc.pos != strlen ("/hello_world"))
data/gnunet-0.13.1/src/pt/test_gnunet_vpn.c:218:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp ("/hello_world", cbc.buf, strlen ("/hello_world")))
data/gnunet-0.13.1/src/reclaim/gnunet-reclaim.c:623:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (attr_value));
data/gnunet-0.13.1/src/reclaim/gnunet-reclaim.c:716:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (attestation_id),
data/gnunet-0.13.1/src/reclaim/gnunet-reclaim.c:734:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_ecdsa_public_key_from_string (rp, strlen (rp), &rp_key)) )
data/gnunet-0.13.1/src/reclaim/gnunet-reclaim.c:742:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (consume_ticket),
data/gnunet-0.13.1/src/reclaim/gnunet-reclaim.c:747:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (revoke_ticket),
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:98:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL != attest_str) && (0 != strlen (attest_str)))
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:101:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (attest_str),
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:105:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == id_str) || (0 == strlen (id_str)))
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:109:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (id_str),
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:202:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (rnd_str),
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:212:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (id_str),
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:224:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (aud_str),
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:339:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == id_str) || (0 == strlen (id_str)))
data/gnunet-0.13.1/src/reclaim/json_reclaim.c:343:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (id_str),
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:285:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_base64url_encode (header, strlen (header), &header_base64);
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:288:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_base64url_encode (body_str, strlen (body_str), &body_base64);
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:300:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (secret_key),
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:302:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (signature_target),
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:340:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ctx_key),
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:348:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ctx_iv),
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:472:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
code_challenge_len = strlen (code_challenge);
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:611:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_base64url_decode (code, strlen (code),
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:657:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (code_verifier));
data/gnunet-0.13.1/src/reclaim/oidc_helper.c:663:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (expected_code_challenge) != code_challenge_len) ||
data/gnunet-0.13.1/src/reclaim/plugin_gnsrecord_reclaim.c:86:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = strlen (s);
data/gnunet-0.13.1/src/reclaim/plugin_gnsrecord_reclaim.c:94:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return GNUNET_STRINGS_string_to_data (s, strlen (s), *data, *data_size);
data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attestation_jwt.c:85:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = strlen (s);
data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attestation_jwt.c:174:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attestation_jwt.c:198:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val_str));
data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attestation_jwt.c:232:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attestation_jwt.c:270:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_base64url_decode (jwt_body, strlen (jwt_body),
data/gnunet-0.13.1/src/reclaim/plugin_reclaim_attribute_basic.c:85:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*data_size = strlen (s);
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:773:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (OIDC_COOKIE_HEADER_KEY),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:819:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (token, strlen (token), &cache_key);
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1250:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (identity_cookie, strlen (identity_cookie), &cache_key);
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1265:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1411:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (tmp_key_str),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1452:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (key, strlen (key), &hc);
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1526:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (OIDC_ignored_parameter_array[iterator]),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1592:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_ecdsa_public_key_from_string (value, strlen (value), &pkey))
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1646:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1727:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (cookie, strlen (cookie), &cache_key);
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1764:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (OIDC_AUTHORIZATION_HEADER_KEY),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1795:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (credentials),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1861:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (client_id),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1896:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (access_token, strlen (access_token), &hc);
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:1957:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (OIDC_GRANT_TYPE_KEY),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:2191:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (OIDC_AUTHORIZATION_HEADER_KEY),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:2232:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (authorization_access_token),
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:2439:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle->url[strlen (handle->url) - 1] == '/')
data/gnunet-0.13.1/src/reclaim/plugin_rest_openid_connect.c:2440:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->url[strlen (handle->url) - 1] = '\0';
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:478:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:478:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:485:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
identity = handle->url + strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:636:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:636:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:643:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
identity = handle->url + strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:695:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:695:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTESTATION) >= strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:703:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strdup (handle->url + strlen (
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:731:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_string_to_data (id, strlen (id), &attr.id, sizeof(attr.id));
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:762:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:762:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:768:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
identity = handle->url + strlen (GNUNET_REST_API_NS_IDENTITY_TICKETS) + 1;
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:817:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:817:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:823:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:906:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_base64_decode (jwt_body, strlen (jwt_body),
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1006:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1006:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1012:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
identity = handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1;
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1062:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1062:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) >= strlen (handle->url))
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1069:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strdup (handle->url + strlen (GNUNET_REST_API_NS_RECLAIM_ATTRIBUTES) + 1);
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1096:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_string_to_data (id, strlen (id), &attr.id, sizeof(attr.id));
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1436:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle->url[strlen (handle->url) - 1] == '/')
data/gnunet-0.13.1/src/reclaim/plugin_rest_reclaim.c:1437:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->url[strlen (handle->url) - 1] = '\0';
data/gnunet-0.13.1/src/reclaim/reclaim_attestation.c:243:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (attr_name_tmp) + 1 + data_size);
data/gnunet-0.13.1/src/reclaim/reclaim_attestation.c:248:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (write_ptr, attr_name_tmp, strlen (attr_name_tmp) + 1);
data/gnunet-0.13.1/src/reclaim/reclaim_attestation.c:250:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_ptr += strlen (attr->name) + 1;
data/gnunet-0.13.1/src/reclaim/reclaim_attestation.c:420:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(struct Attestation) + strlen (attestation->name)
data/gnunet-0.13.1/src/reclaim/reclaim_attestation.c:446:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (attestation->name);
data/gnunet-0.13.1/src/reclaim/reclaim_attestation.c:458:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(struct Attestation) + strlen (attestation->name)
data/gnunet-0.13.1/src/reclaim/reclaim_attribute.c:245:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (attr_name_tmp) + 1 + data_size);
data/gnunet-0.13.1/src/reclaim/reclaim_attribute.c:252:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (write_ptr, attr_name_tmp, strlen (attr_name_tmp) + 1);
data/gnunet-0.13.1/src/reclaim/reclaim_attribute.c:254:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_ptr += strlen (attr->name) + 1;
data/gnunet-0.13.1/src/reclaim/reclaim_attribute.c:455:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(struct Attribute) + strlen (attr->name) + attr->data_size;
data/gnunet-0.13.1/src/reclaim/reclaim_attribute.c:481:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (attr->name);
data/gnunet-0.13.1/src/reclaim/reclaim_attribute.c:493:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(struct Attribute) + strlen (attr->name) + attr->data_size;
data/gnunet-0.13.1/src/regex/gnunet-daemon-regexprofiler.c:198:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == regex) || (0 == strlen (regex)))
data/gnunet-0.13.1/src/regex/gnunet-regex-profiler.c:1270:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (&data[offset]);
data/gnunet-0.13.1/src/regex/gnunet-regex-simulation-profiler.c:462:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (regex),
data/gnunet-0.13.1/src/regex/perf-regex.c:110:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (regex);
data/gnunet-0.13.1/src/regex/regex_api_announce.c:113:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (a->regex) + 1;
data/gnunet-0.13.1/src/regex/regex_api_announce.c:147:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (regex) + 1;
data/gnunet-0.13.1/src/regex/regex_api_search.c:165:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (s->string) + 1;
data/gnunet-0.13.1/src/regex/regex_api_search.c:207:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (string) + 1;
data/gnunet-0.13.1/src/regex/regex_block_lib.c:182:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (ctx->xquery) < len)
data/gnunet-0.13.1/src/regex/regex_block_lib.c:409:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (proof);
data/gnunet-0.13.1/src/regex/regex_block_lib.c:419:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (edges[i].label);
data/gnunet-0.13.1/src/regex/regex_block_lib.c:461:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (edges[i].label);
data/gnunet-0.13.1/src/regex/regex_internal.c:693:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cstr_len = strlen (cstr);
data/gnunet-0.13.1/src/regex/regex_internal.c:882:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out->slen = strlen (cstr);
data/gnunet-0.13.1/src/regex/regex_internal.c:1689:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (states[i]->proof),
data/gnunet-0.13.1/src/regex/regex_internal.c:1770:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (s->name, "{");
data/gnunet-0.13.1/src/regex/regex_internal.c:1777:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen (pos);
data/gnunet-0.13.1/src/regex/regex_internal.c:1790:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s->name = GNUNET_realloc (s->name, strlen (s->name) + 1);
data/gnunet-0.13.1/src/regex/regex_internal.c:1825:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (t->label);
data/gnunet-0.13.1/src/regex/regex_internal.c:2255:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((start != dfa->start) && (max_len > 0) && (max_len == strlen (
data/gnunet-0.13.1/src/regex/regex_internal.c:2257:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((start == dfa->start) && (GNUNET_REGEX_INITIAL_BYTES == strlen (
data/gnunet-0.13.1/src/regex/regex_internal.c:2822:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == regex) || (0 == strlen (regex)) || (0 == len))
data/gnunet-0.13.1/src/regex/regex_internal.c:3175:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((NULL == string) || (0 == strlen (string))) && s->accepting)
data/gnunet-0.13.1/src/regex/regex_internal.c:3220:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((NULL == string) || (0 == strlen (string))) && a->start->accepting)
data/gnunet-0.13.1/src/regex/regex_internal.c:3390:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cur_len = strlen (consumed_string);
data/gnunet-0.13.1/src/regex/regex_internal.c:3403:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (consumed_string, strlen (consumed_string), &hash);
data/gnunet-0.13.1/src/regex/regex_internal.c:3507:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((NULL != s->proof) && (0 < strlen (s->proof))) || s->accepting)
data/gnunet-0.13.1/src/regex/regex_internal.c:3646:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((GNUNET_REGEX_INITIAL_BYTES > strlen (state->proof)) &&
data/gnunet-0.13.1/src/regex/regex_internal_dht.c:213:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
h->dfa = REGEX_INTERNAL_construct_dfa (regex, strlen (regex), compression);
data/gnunet-0.13.1/src/regex/regex_internal_dht.c:492:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (info->description);
data/gnunet-0.13.1/src/regex/regex_internal_dht.c:529:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(ctx->position == strlen (ctx->info->description)))
data/gnunet-0.13.1/src/regex/regex_internal_dht.c:539:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ctx->info->description),
data/gnunet-0.13.1/src/regex/regex_internal_dht.c:573:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_len = strlen (info->description) - ctx->position;
data/gnunet-0.13.1/src/regex/regex_internal_dht.c:672:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (rest) + 1, /* xquery bits */
data/gnunet-0.13.1/src/regex/regex_internal_dht.c:726:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (string);
data/gnunet-0.13.1/src/regex/regex_test_graph.c:197:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (s_acc, strlen (s_acc), 1, ctx->filep);
data/gnunet-0.13.1/src/regex/regex_test_graph.c:253:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (s_tran, strlen (s_tran), 1, ctx->filep);
data/gnunet-0.13.1/src/regex/regex_test_graph.c:285:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == filename) || (strlen (filename) < 1))
data/gnunet-0.13.1/src/regex/regex_test_graph.c:309:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (start, strlen (start), 1, ctx.filep);
data/gnunet-0.13.1/src/regex/regex_test_graph.c:316:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (end, strlen (end), 1, ctx.filep);
data/gnunet-0.13.1/src/regex/regex_test_lib.c:218:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (s) == 0)
data/gnunet-0.13.1/src/regex/regex_test_lib.c:234:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (regex);
data/gnunet-0.13.1/src/regex/regex_test_lib.c:276:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = strlen (s1);
data/gnunet-0.13.1/src/regex/regex_test_lib.c:277:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = strlen (s2);
data/gnunet-0.13.1/src/regex/regex_test_lib.c:347:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen (regex);
data/gnunet-0.13.1/src/regex/regex_test_lib.c:454:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen (regex);
data/gnunet-0.13.1/src/regex/regex_test_lib.c:476:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (p->s);
data/gnunet-0.13.1/src/regex/regex_test_lib.c:622:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (regex);
data/gnunet-0.13.1/src/regex/regex_test_random.c:43:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(uint32_t) strlen (ALLOWED_LITERALS));
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:96:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dfa = REGEX_INTERNAL_construct_dfa (rand_rx, strlen (rand_rx), 0);
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:122:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((matchptr[0].rm_so != 0) || (matchptr[0].rm_eo != strlen (
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:128:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
REGEX_INTERNAL_construct_dfa (canonical_regex, strlen (canonical_regex),
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:153:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
((matchptr[0].rm_so != 0) || (matchptr[0].rm_eo != strlen (
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:228:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(matchptr[0].rm_eo != strlen (rxstr->strings[i])) ))
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:358:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_nfa (rxstr[i].regex, strlen (rxstr[i].regex));
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:363:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_dfa (rxstr[i].regex, strlen (rxstr[i].regex),
data/gnunet-0.13.1/src/regex/test_regex_eval_api.c:369:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_dfa (check_proof, strlen (check_proof), 0);
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:101:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_nfa (regex[i], strlen (regex[i]));
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:106:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_nfa (regex[i], strlen (regex[i]));
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:113:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_nfa (regex[i], strlen (regex[i]));
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:120:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_nfa (regex[i], strlen (regex[i]));
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:130:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_dfa (regex[i], strlen (regex[i]), 0);
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:135:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_dfa (regex[i], strlen (regex[i]), 0);
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:142:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_dfa (regex[i], strlen (regex[i]), 0);
data/gnunet-0.13.1/src/regex/test_regex_graph_api.c:150:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = REGEX_INTERNAL_construct_dfa (regex[i], strlen (regex[i]), 4);
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:80:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (out_str, strlen (out_str), 1, ctx->graph_filep);
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:89:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (out_str, strlen (out_str), 1, ctx->graph_filep);
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:106:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_OK != REGEX_BLOCK_check_proof (proof, strlen (proof), key))
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:182:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (graph_start_str, strlen (graph_start_str), 1, ctx.graph_filep);
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:198:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
REGEX_INTERNAL_construct_dfa (rxstr[i].regex, strlen (rxstr[i].regex), 0);
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:230:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite (graph_end_str, strlen (graph_end_str), 1, ctx.graph_filep);
data/gnunet-0.13.1/src/regex/test_regex_iterate_api.c:245:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
REGEX_INTERNAL_construct_dfa (rxstr[i].regex, strlen (rxstr[i].regex), 0);
data/gnunet-0.13.1/src/regex/test_regex_proofs.c:50:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dfa = REGEX_INTERNAL_construct_dfa (regex, strlen (regex), 1);
data/gnunet-0.13.1/src/regex/test_regex_proofs.c:54:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dfa = REGEX_INTERNAL_construct_dfa (c_rx1, strlen (c_rx1), 1);
data/gnunet-0.13.1/src/regex/test_regex_proofs.c:134:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dfa1 = REGEX_INTERNAL_construct_dfa (regex[i], strlen (regex[i]), 1);
data/gnunet-0.13.1/src/regex/test_regex_proofs.c:135:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dfa2 = REGEX_INTERNAL_construct_dfa (regex[i + 1], strlen (regex[i + 1]),
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:260:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (lowerkey, strlen (lowerkey), &hkey);
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:288:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (key, strlen (key), &hkey);
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:323:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (key, strlen (key), &hkey);
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:387:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char tmp_url[strlen (url) + 1];
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:398:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (plugin_name, strlen (plugin_name), &key);
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:460:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash ("origin", strlen ("origin"), &key);
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:471:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp ("moz-extension://", origin, strlen ("moz-extension://"))) ||
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:474:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("chrome-extension://"))))
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:487:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp (allow_origin, origin, strlen (allow_origin)))
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:826:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (1 < strlen (plugin->name));
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:828:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (plugin->name + 1, strlen (plugin->name + 1), &key);
data/gnunet-0.13.1/src/rest/gnunet-rest-server.c:1045:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
failure_response = MHD_create_response_from_buffer (strlen (err_page),
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:156:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) > strlen (handle->url))
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:156:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) > strlen (handle->url))
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:162:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) == strlen (handle->url))
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:162:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) == strlen (handle->url))
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:170:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
section = &handle->url[strlen (GNUNET_REST_API_NS_CONFIG) + 1];
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:233:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) > strlen (handle->url))
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:233:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) > strlen (handle->url))
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:257:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) == strlen (handle->url)) // POST /config
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:257:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (GNUNET_REST_API_NS_CONFIG) == strlen (handle->url)) // POST /config
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:279:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
section = &handle->url[strlen (GNUNET_REST_API_NS_CONFIG) + 1];
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:368:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (handle->url[strlen (handle->url) - 1] == '/')
data/gnunet-0.13.1/src/rest/plugin_rest_config.c:369:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
handle->url[strlen (handle->url) - 1] = '\0';
data/gnunet-0.13.1/src/rest/rest.c:46:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return 0 == strncmp (namespace, url, strlen (namespace));
data/gnunet-0.13.1/src/rest/rest.c:68:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (data);
data/gnunet-0.13.1/src/rest/rest.c:91:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (url[strlen (url) - 1] == '/')
data/gnunet-0.13.1/src/rest/rest.c:92:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url[strlen (url) - 1] = '\0';
data/gnunet-0.13.1/src/rest/rest.c:97:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (url) < strlen (handlers[i].namespace))
data/gnunet-0.13.1/src/rest/rest.c:97:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (url) < strlen (handlers[i].namespace))
data/gnunet-0.13.1/src/revocation/gnunet-revocation.c:413:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (test_ego),
data/gnunet-0.13.1/src/revocation/gnunet-service-revocation.c:807:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("revocation-set-union-application-id"),
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:168:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_BLOCKS_NO_PULL])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:174:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:181:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:188:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:195:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_BLOCKS_NO_PUSH])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:201:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_BLOCKS])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:207:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_ROUNDS])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:213:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:220:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:227:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_ISSUED_PULL_REQ])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:233:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:240:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_ISSUED_PULL_REP])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:246:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_SENT_PUSH_SEND])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:252:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_SENT_PULL_REQ])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:258:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:265:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_SENT_PULL_REP])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:271:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_RECV_PUSH_SEND])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:277:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:284:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_RECV_PULL_REQ])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:290:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:297:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_RECV_PULL_REP])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:303:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:310:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_VIEW_SIZE])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:316:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_KNOWN_PEERS])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:322:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_VALID_PEERS])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:328:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_LEARND_PEERS])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:334:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:341:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:348:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:355:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:362:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_PEERS_IN_VIEW])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:368:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (stat_type_strings[STAT_TYPE_VIEW_SIZE_AIM])))
data/gnunet-0.13.1/src/rps/gnunet-rps-profiler.c:894:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} */size = strlen (line) * sizeof(char);
data/gnunet-0.13.1/src/rps/gnunet-service-rps.c:1541:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (string_repr);
data/gnunet-0.13.1/src/rps/gnunet-service-rps.c:4908:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (hash_port_string),
data/gnunet-0.13.1/src/rps/rps-test_util.c:87:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (name),
data/gnunet-0.13.1/src/rps/rps-test_util.c:428:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (str),
data/gnunet-0.13.1/src/rps/rps-test_util.c:482:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_file_name = (strlen (prefix)
data/gnunet-0.13.1/src/rps/rps-test_util.c:483:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (index_str)
data/gnunet-0.13.1/src/rps/rps-test_util.h:76:12: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
(void) strncat (tmp_buf, "\n", 512); \
data/gnunet-0.13.1/src/rps/rps-test_util.h:97:56: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
(void) strncat (tmp_buf, "\n", \
data/gnunet-0.13.1/src/rps/rps_api.c:757:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("rps"),
data/gnunet-0.13.1/src/rps/rps_api.c:759:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (share_val),
data/gnunet-0.13.1/src/rps/test_rps.c:626:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} */size = strlen (line) * sizeof(char);
data/gnunet-0.13.1/src/rps/test_rps.c:2539:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp ("# rounds blocked - no pull replies", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2545:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2551:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("# rounds blocked - too many pushes")))
data/gnunet-0.13.1/src/rps/test_rps.c:2556:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2561:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# rounds blocked - no pushes", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2566:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# rounds blocked", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2571:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# rounds", stat_str, strlen ("# rounds")))
data/gnunet-0.13.1/src/rps/test_rps.c:2575:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# push send issued", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2580:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# pull request send issued", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2585:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# pull reply send issued", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2590:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# pushes sent", stat_str, strlen ("# pushes sent")))
data/gnunet-0.13.1/src/rps/test_rps.c:2594:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# pull requests sent", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2599:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# pull replys sent", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2604:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# push message received", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2609:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# pull request message received", stat_str, strlen (
data/gnunet-0.13.1/src/rps/test_rps.c:2614:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (0 == strncmp ("# pull reply messages received", stat_str, strlen (
data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c:233:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (input_session_key)))
data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c:241:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (input_session_key),
data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c:246:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (input_peer_id),
data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c:256:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
('\'' == begin[strlen (begin) - 1]))
data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c:258:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
begin[strlen (begin) - 1] = '\0';
data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c:259:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (begin) > 0)
data/gnunet-0.13.1/src/scalarproduct/gnunet-scalarproduct.c:299:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (begin),
data/gnunet-0.13.1/src/secretsharing/gnunet-secretsharing-profiler.c:604:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (session_str, strlen (session_str), &session_id);
data/gnunet-0.13.1/src/set/test_set_api.c:202:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_api.c:205:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_api.c:208:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_api.c:223:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_api.c:226:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_api.c:265:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_api.c:268:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_api.c:271:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:195:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:201:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:207:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:227:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:233:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:266:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:272:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_intersection_result_full.c:278:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_copy.c:57:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (str);
data/gnunet-0.13.1/src/set/test_set_union_copy.c:73:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (str);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:249:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:255:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:261:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:283:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:289:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:326:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:329:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/set/test_set_union_result_symmetric.c:332:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
element.size = strlen (element.data);
data/gnunet-0.13.1/src/sq/sq_prepare.c:69:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ps[i].sql),
data/gnunet-0.13.1/src/sq/sq_result_helper.c:257:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*dst_size = strlen (text) + 1;
data/gnunet-0.13.1/src/sq/test_sq.c:48:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (zSql),
data/gnunet-0.13.1/src/sq/test_sq.c:123:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_SQ_query_param_fixed_size (msg, strlen (msg)),
data/gnunet-0.13.1/src/sq/test_sq.c:203:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_break (strlen (msg) == msg2_len);
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:271:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (se->service) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:277:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (pos->name) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:339:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (e->subsystem->service) + 1 + strlen (e->name) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:339:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen (e->subsystem->service) + 1 + strlen (e->name) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:440:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (service);
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:441:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (name);
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:529:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (service) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:674:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (name) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-service-statistics.c:771:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (name) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:231:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:233:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:234:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? ":" : csv_separator));
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:244:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:246:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:247:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? ":" : csv_separator));
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:299:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:301:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:302:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? ":" : csv_separator),
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:313:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:315:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? "" : "\""), /* quotes if csv */
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:316:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (csv_separator) ? ":" : csv_separator),
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:492:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_subsys_name = strlen (subsystem) + 3 + strlen (name) + 1;
data/gnunet-0.13.1/src/statistics/gnunet-statistics.c:492:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_subsys_name = strlen (subsystem) + 3 + strlen (name) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:345:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (watch->subsystem) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:346:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (watch->name) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:780:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen1 = strlen (c->subsystem) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:781:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen2 = strlen (c->name) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:816:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen1 = strlen (handle->current->subsystem) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:817:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen2 = strlen (handle->current->name) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:852:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (handle->current->subsystem) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:853:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (handle->current->name) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:1096:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen1 = strlen (subsystem) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:1097:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen2 = strlen (name) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:1244:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (h->subsystem) + 1;
data/gnunet-0.13.1/src/statistics/statistics_api.c:1245:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nlen = strlen (name) + 1;
data/gnunet-0.13.1/src/testbed-logger/test_testbed_logger_api.c:131:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (filename);
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c:132:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
emsg_len = (NULL == emsg) ? 0 : strlen (emsg) + 1;
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c:591:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (emsg) + 1,
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed.c:595:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (emsg) + 1);
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_barriers.c:290:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (name) + 1;
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_barriers.c:291:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
err_len = ((NULL == emsg) ? 0 : (strlen (emsg) + 1));
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_cpustatus.c:333:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp (khelper->ks_name, "cpu_stat", strlen ("cpu_stat")))
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_links.c:579:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msize += strlen (emsg);
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_links.c:597:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (emsg));
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.c:78:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((local_n = read (fd, buf, sizeof buf - 1)) < 0) { \
data/gnunet-0.13.1/src/testbed/gnunet-service-testbed_meminfo.c:249:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (head) >= sizeof(namebuf))
data/gnunet-0.13.1/src/testbed/gnunet-testbed-profiler.c:233:10: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(void) getc (stdin);
data/gnunet-0.13.1/src/testbed/testbed_api.c:1678:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (controller_hostname) + 1;
data/gnunet-0.13.1/src/testbed/testbed_api.c:1999:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trusted_ip_len = strlen (trusted_ip);
data/gnunet-0.13.1/src/testbed/testbed_api.c:2000:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname_len = (NULL == hostname) ? 0 : strlen (hostname);
data/gnunet-0.13.1/src/testbed/testbed_api.c:2385:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (name);
data/gnunet-0.13.1/src/testbed/testbed_api.c:2464:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (barrier->name);
data/gnunet-0.13.1/src/testbed/testbed_api_barriers.c:232:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (name); /* NOTE: unusual to not have 0-termination, change? */
data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c:1476:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
username_length = strlen (username);
data/gnunet-0.13.1/src/testbed/testbed_api_hosts.c:1478:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hostname_length = strlen (hostname);
data/gnunet-0.13.1/src/testbed/testbed_api_peers.c:989:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msize = strlen (service_name) + 1;
data/gnunet-0.13.1/src/testing/gnunet-testing.c:251:7: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getchar ();
data/gnunet-0.13.1/src/testing/testing.c:1767:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (argv0) + 1;
data/gnunet-0.13.1/src/topology/friends.c:241:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (buf);
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:919:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("TCP-key"),
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:930:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("TCP-ctr"),
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:942:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("TCP-hmac"),
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1342:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1345:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp[strlen (cp) - 1] = '\0'; /* eat ']'*/
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1349:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (bindto) == strlen (token))
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1349:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (bindto) == strlen (token))
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1386:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addr_and_port) == strlen (token))
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1386:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addr_and_port) == strlen (token))
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:1411:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 == sscanf (addr, "%u%1s", &port, dummy))
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:2174:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:2179:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
data/gnunet-0.13.1/src/transport/gnunet-communicator-tcp.c:2683:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 == sscanf (bindto, "%u%1s", &port, dummy))
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:881:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("UDP-KID"),
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:999:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("UDP-IV-KEY"),
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1089:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("CMAC"),
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1093:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("UDP-CMAC"),
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1779:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 == sscanf (bindto, "%u%1s", &port, dummy))
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1822:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 == sscanf (colon, "%u%1s", &port, dummy))
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1871:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (('[' == *cp) && (']' == cp[strlen (cp) - 1]))
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:1874:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp[strlen (cp) - 1] = '\0'; /* eat ']' */
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:2278:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
data/gnunet-0.13.1/src/transport/gnunet-communicator-udp.c:2283:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
data/gnunet-0.13.1/src/transport/gnunet-communicator-unix.c:313:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (0 < strlen (unixpath)); /* sanity check */
data/gnunet-0.13.1/src/transport/gnunet-communicator-unix.c:316:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (unixpath);
data/gnunet-0.13.1/src/transport/gnunet-communicator-unix.c:867:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (COMMUNICATOR_ADDRESS_PREFIX "-")))
data/gnunet-0.13.1/src/transport/gnunet-communicator-unix.c:872:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path = &address[strlen (COMMUNICATOR_ADDRESS_PREFIX "-")];
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:785:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read (*((int *) sock), tmpbuf, buf_size);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:882:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dev_info.name, dev->iface, BLUEZ_DEVNAME_SIZE);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1453:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dev.iface, argv[1], IFNAMSIZ);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-bluetooth.c:1758:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (i, readbuf, sizeof(readbuf));
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:236:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (0);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:454:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readsize = read (STDIN_FILENO, readbuf, sizeof(readbuf));
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan-dummy.c:480:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readsize = read (fdpin, readbuf, sizeof(readbuf));
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:1401:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (wrq.ifr_name, dev->iface, IFNAMSIZ);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:1439:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
caplen = read (dev->fd_raw, tmpbuf, buf_size);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:1668:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev->iface, IFNAMSIZ);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:1701:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (wrq.ifr_name, dev->iface, IFNAMSIZ);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:2007:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dev.iface, argv[1], IFNAMSIZ);
data/gnunet-0.13.1/src/transport/gnunet-helper-transport-wlan.c:2133:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (STDIN_FILENO, readbuf, sizeof(readbuf));
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:3185:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t addr_len = strlen (address) + 1;
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4338:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("transport-backchannel-key"),
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:4957:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (is) + 1);
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:7975:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (vs->address) + 1,
data/gnunet-0.13.1/src/transport/gnunet-service-tng.c:9166:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen (address) + 1;
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:878:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (buf) + 1;
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:1009:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen (address->transport_name) + 1;
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:1215:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (info->address->transport_name) + 1;
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:1801:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (address->transport_name) > 0);
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:2540:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (option),
data/gnunet-0.13.1/src/transport/gnunet-service-transport.c:2713:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ds),
data/gnunet-0.13.1/src/transport/gnunet-service-transport_validation.c:590:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (ve->address->transport_name) + 1;
data/gnunet-0.13.1/src/transport/gnunet-service-transport_validation.c:1152:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_plugin = strlen (addr) + 1;
data/gnunet-0.13.1/src/transport/gnunet-service-transport_validation.c:1170:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_snprintf (pos, strlen ("_server") + 1, "%s", "_server");
data/gnunet-0.13.1/src/transport/gnunet-service-transport_validation.c:1492:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (tname) + 1;
data/gnunet-0.13.1/src/transport/gnunet-transport-profiler.c:507:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (cpid),
data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-receiver.c:77:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read (commpipe[0], msg_buf, sizeof(msg_buf));
data/gnunet-0.13.1/src/transport/gnunet-transport-wlan-sender.c:192:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (sizeof(hcm) != read (macpipe[0], &hcm, sizeof(hcm)))
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:71:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
host_start += strlen ("://");
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:72:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (host_start) == 0)
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:90:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (host_start) < 1)
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:161:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (host_start) > 0)
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:267:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (res) + 1 < 500)
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:269:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (rbuf, res, strlen (res) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:633:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (res) + 1 < 500)
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:635:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (rbuf, res, strlen (res) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:685:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addr) != addrlen - 1)
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:710:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urlen = strlen (address) + 1;
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:746:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (res) + 1;
data/gnunet-0.13.1/src/transport/plugin_transport_http_common.c:821:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
== GNUNET_STRINGS_to_address_ip (to_conv, strlen (to_conv), s))
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:1794:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen (HTTP_ERROR_RESPONSE),
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:1811:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen ("Thank you!"),
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:1857:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
response = MHD_create_response_from_buffer (strlen ("Thank you!"),
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:2971:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
urlen = strlen (url) + 1;
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:3187:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (tmp) > 1) && (NULL != (pos = strchr (tmp, '/'))))
data/gnunet-0.13.1/src/transport/plugin_transport_http_server.c:3250:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plugin->peer_id_length = strlen (GNUNET_i2s_full (plugin->env->my_identity));
data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c:1155:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 < strlen (unixpath)))
data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c:1160:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (unixpath) >= sizeof(s_un.sun_path))
data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c:1604:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addr) != addrlen - 1)
data/gnunet-0.13.1/src/transport/plugin_transport_tcp.c:1631:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_to_address_ip (address, strlen (address), &socket_address))
data/gnunet-0.13.1/src/transport/plugin_transport_udp.c:957:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addr) != addrlen - 1)
data/gnunet-0.13.1/src/transport/plugin_transport_udp.c:984:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_to_address_ip (address, strlen (address), &socket_address))
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:393:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addrstr) + 1 != addr_str_len)
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:547:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (0 < strlen (unixpath)); /* sanity check */
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:550:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (unixpath);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:855:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addrstr) + 1 != addr_str_len)
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1041:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua_len = sizeof(struct UnixAddress) + strlen (un.sun_path) + 1;
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1043:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->addrlen = htonl (strlen (&un.sun_path[0]) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1044:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (&ua[1], &un.sun_path[0], strlen (un.sun_path) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1450:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addrstr) + 1 != addr_str_len)
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1538:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addr) != addrlen - 1)
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1570:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua_size = sizeof(struct UnixAddress) + strlen (address) + 1;
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1573:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->addrlen = htonl (strlen (address) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1574:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_memcpy (&ua[1], address, strlen (address) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1597:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sizeof(struct UnixAddress) + strlen (plugin->unix_socket_path) + 1;
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1600:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->addrlen = htonl (strlen (plugin->unix_socket_path) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1604:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (plugin->unix_socket_path) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1821:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sizeof(struct UnixAddress) + strlen (plugin->unix_socket_path) + 1;
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1824:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ua->addrlen = htonl (strlen (plugin->unix_socket_path) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_unix.c:1827:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (plugin->unix_socket_path) + 1);
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:2138:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (addr) != addrlen - 1)
data/gnunet-0.13.1/src/transport/plugin_transport_wlan.c:2144:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (8 != sscanf (addr,
data/gnunet-0.13.1/src/transport/tcp_connection_legacy.c:841:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (0 < strlen (hostname)); /* sanity check */
data/gnunet-0.13.1/src/transport/tcp_connection_legacy.c:875:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (0 < strlen (unixpath)); /* sanity check */
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:626:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 < strlen (unixpath)))
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:631:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (unixpath) >= sizeof(s_un.sun_path))
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1011:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (rdir);
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1020:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL != user) && (0 < strlen (user)))
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1043:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL != user) && (0 < strlen (user)))
data/gnunet-0.13.1/src/transport/tcp_service_legacy.c:1183:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != read (filedes[0], &c, sizeof(char)))
data/gnunet-0.13.1/src/transport/test_plugin_transport.c:364:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (w->addrstring) + 1,
data/gnunet-0.13.1/src/transport/test_plugin_transport.c:670:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (argv[0]) > strlen ("test_plugin_"));
data/gnunet-0.13.1/src/transport/test_plugin_transport.c:670:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (argv[0]) > strlen ("test_plugin_"));
data/gnunet-0.13.1/src/transport/test_plugin_transport.c:679:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plugin += strlen ("test_plugin_");
data/gnunet-0.13.1/src/transport/transport-testing-filenames.c:150:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename += strlen (t);
data/gnunet-0.13.1/src/transport/transport-testing2.c:1137:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen (address) + 1;
data/gnunet-0.13.1/src/transport/transport_api2_application.c:385:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen (addr) + 1;
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:364:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ai->address) + 1,
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:368:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (&aam[1], ai->address, strlen (ai->address) + 1);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:410:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (qh->address) + 1,
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:419:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (&aqm[1], qh->address, strlen (qh->address) + 1);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:782:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ch->addr_prefix) + 1,
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:785:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (&cam[1], ch->addr_prefix, strlen (ch->addr_prefix) + 1);
data/gnunet-0.13.1/src/transport/transport_api2_communication.c:1131:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (comm) + 1;
data/gnunet-0.13.1/src/transport/transport_api_address_to_string.c:202:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (address->transport_name) + 1;
data/gnunet-0.13.1/src/util/benchmark.c:89:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ( \
data/gnunet-0.13.1/src/util/benchmark.c:152:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (
data/gnunet-0.13.1/src/util/benchmark.c:257:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen (trunc); i++)
data/gnunet-0.13.1/src/util/bio.c:837:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = (uint32_t) ((s == NULL) ? 0 : strlen (s) + 1);
data/gnunet-0.13.1/src/util/buffer.c:105:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (str);
data/gnunet-0.13.1/src/util/buffer.c:181:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (str);
data/gnunet-0.13.1/src/util/client.c:521:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 < strlen (unixpath)))
data/gnunet-0.13.1/src/util/client.c:524:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (unixpath) >= sizeof(s_un.sun_path))
data/gnunet-0.13.1/src/util/client.c:737:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 < strlen (unixpath)))
data/gnunet-0.13.1/src/util/client.c:769:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 != strlen (hostname)))
data/gnunet-0.13.1/src/util/client.c:915:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (unixpath))
data/gnunet-0.13.1/src/util/client.c:1098:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strlen (cstate->hostname)))
data/gnunet-0.13.1/src/util/common_allocation.c:368:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (str) + 1;
data/gnunet-0.13.1/src/util/common_logging.c:432:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (component))
data/gnunet-0.13.1/src/util/common_logging.c:439:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen (file))
data/gnunet-0.13.1/src/util/common_logging.c:447:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == function) || (0 == strlen (function)))
data/gnunet-0.13.1/src/util/common_logging.c:593:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (start) > 0)
data/gnunet-0.13.1/src/util/common_logging.c:724:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL != env_logfile) && (strlen (env_logfile) > 0))
data/gnunet-0.13.1/src/util/common_logging.c:1408:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (buf, ":");
data/gnunet-0.13.1/src/util/configuration.c:336:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncasecmp (line, "@INLINE@ ", strlen ("@INLINE@ ")))
data/gnunet-0.13.1/src/util/configuration.c:339:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = &line[strlen ("@INLINE@ ")];
data/gnunet-0.13.1/src/util/configuration.c:376:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen (tag) - 1; (i >= 1) && (isspace ((unsigned char) tag[i]));
data/gnunet-0.13.1/src/util/configuration.c:384:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen (value) - 1;
data/gnunet-0.13.1/src/util/configuration.c:391:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (('"' == value[0]) && ('"' == value[strlen (value) - 1]))
data/gnunet-0.13.1/src/util/configuration.c:393:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value[strlen (value) - 1] = '\0';
data/gnunet-0.13.1/src/util/configuration.c:519:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_size += strlen (sec->name) + 3;
data/gnunet-0.13.1/src/util/configuration.c:533:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_size += strlen (ent->key) + strlen (ent->val) + 4;
data/gnunet-0.13.1/src/util/configuration.c:533:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_size += strlen (ent->key) + strlen (ent->val) + 4;
data/gnunet-0.13.1/src/util/configuration.c:558:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
val = GNUNET_malloc (strlen (ent->val) * 2 + 1);
data/gnunet-0.13.1/src/util/configuration.c:562:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (&pos[2], &pos[1], strlen (&pos[1]));
data/gnunet-0.13.1/src/util/configuration.c:1000:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 != sscanf (e->val, "%llu%1s", number, dummy))
data/gnunet-0.13.1/src/util/configuration.c:1029:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 != sscanf (e->val, "%f%1s", number, dummy))
data/gnunet-0.13.1/src/util/configuration.c:1193:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_size = (strlen (enc) * 5) / 8;
data/gnunet-0.13.1/src/util/configuration.c:1200:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_string_to_data (enc, strlen (enc), buf, buf_size))
data/gnunet-0.13.1/src/util/configuration.c:1378:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (prefix) + 1;
data/gnunet-0.13.1/src/util/configuration.c:1383:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = GNUNET_malloc (strlen (prefix) + strlen (post) + 1);
data/gnunet-0.13.1/src/util/configuration.c:1383:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = GNUNET_malloc (strlen (prefix) + strlen (post) + 1);
data/gnunet-0.13.1/src/util/configuration.c:1425:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dup) + 1;
data/gnunet-0.13.1/src/util/configuration.c:1532:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pos) == 0)
data/gnunet-0.13.1/src/util/configuration.c:1543:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (end, &end[1], strlen (&end[1]) + 1);
data/gnunet-0.13.1/src/util/configuration.c:1558:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pos) > 0)
data/gnunet-0.13.1/src/util/configuration.c:1589:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped = GNUNET_malloc (strlen (value) * 2 + 1);
data/gnunet-0.13.1/src/util/configuration.c:1590:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset (escaped, 0, strlen (value) * 2 + 1);
data/gnunet-0.13.1/src/util/configuration.c:1664:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nw = GNUNET_malloc (strlen (old) + strlen (escaped) + 2);
data/gnunet-0.13.1/src/util/configuration.c:1664:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nw = GNUNET_malloc (strlen (old) + strlen (escaped) + 2);
data/gnunet-0.13.1/src/util/configuration.c:1666:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (old) > 0)
data/gnunet-0.13.1/src/util/configuration.c:1667:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (nw, " ");
data/gnunet-0.13.1/src/util/configuration.c:1711:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pos) == 0)
data/gnunet-0.13.1/src/util/configuration.c:1741:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (pos, &end[1], strlen (&end[1]) + 1);
data/gnunet-0.13.1/src/util/container_meta_data.c:527:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dat, strlen (dat) + 1);
data/gnunet-0.13.1/src/util/container_meta_data.c:645:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strncasecmp ("image/", pos->mime_type, strlen ("image/"))) &&
data/gnunet-0.13.1/src/util/container_meta_data.c:831:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msize += strlen (pos->plugin_name) + 1;
data/gnunet-0.13.1/src/util/container_meta_data.c:833:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msize += strlen (pos->mime_type) + 1;
data/gnunet-0.13.1/src/util/container_meta_data.c:858:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
plen = strlen (pos->plugin_name) + 1;
data/gnunet-0.13.1/src/util/container_meta_data.c:863:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mlen = strlen (pos->mime_type) + 1;
data/gnunet-0.13.1/src/util/container_meta_data.c:975:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
left -= strlen (pos->plugin_name) + 1;
data/gnunet-0.13.1/src/util/container_meta_data.c:977:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
left -= strlen (pos->mime_type) + 1;
data/gnunet-0.13.1/src/util/crypto_ecc.c:884:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (salt),
data/gnunet-0.13.1/src/util/crypto_ecc.c:888:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (label),
data/gnunet-0.13.1/src/util/crypto_ecc.c:890:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (context),
data/gnunet-0.13.1/src/util/crypto_ecc_setup.c:107:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd,
data/gnunet-0.13.1/src/util/crypto_hash.c:230:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"Hash key derivation", strlen (
data/gnunet-0.13.1/src/util/crypto_hash.c:237:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"Initialization vector derivation", strlen (
data/gnunet-0.13.1/src/util/crypto_kdf.c:152:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ctx, strlen (ctx),
data/gnunet-0.13.1/src/util/crypto_pow.c:46:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (salt) == crypto_pwhash_argon2id_SALTBYTES);
data/gnunet-0.13.1/src/util/crypto_rsa.c:558:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xts, strlen (xts),
data/gnunet-0.13.1/src/util/disk.c:414:11: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask (S_IWGRP | S_IWOTH | S_IRGRP | S_IROTH);
data/gnunet-0.13.1/src/util/disk.c:420:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (omask);
data/gnunet-0.13.1/src/util/disk.c:423:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (omask);
data/gnunet-0.13.1/src/util/disk.c:442:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (fil) + 20;
data/gnunet-0.13.1/src/util/disk.c:474:11: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
omask = umask (S_IWGRP | S_IWOTH | S_IRGRP | S_IROTH);
data/gnunet-0.13.1/src/util/disk.c:480:5: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (omask);
data/gnunet-0.13.1/src/util/disk.c:483:3: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask (omask);
data/gnunet-0.13.1/src/util/disk.c:604:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (rdir);
data/gnunet-0.13.1/src/util/disk.c:703:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (rdir);
data/gnunet-0.13.1/src/util/disk.c:742:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read (h->fd, result, len);
data/gnunet-0.13.1/src/util/disk.c:774:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read (h->fd, result, len);
data/gnunet-0.13.1/src/util/disk.c:929:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((strlen (dname) > 0) && (dname[strlen (dname) - 1] == DIR_SEPARATOR))
data/gnunet-0.13.1/src/util/disk.c:929:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ((strlen (dname) > 0) && (dname[strlen (dname) - 1] == DIR_SEPARATOR))
data/gnunet-0.13.1/src/util/disk.c:930:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dname[strlen (dname) - 1] = '\0';
data/gnunet-0.13.1/src/util/disk.c:956:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_size = strlen (dname) + name_len + strlen (DIR_SEPARATOR_STR) + 1;
data/gnunet-0.13.1/src/util/disk.c:956:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_size = strlen (dname) + name_len + strlen (DIR_SEPARATOR_STR) + 1;
data/gnunet-0.13.1/src/util/disk.c:965:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name_len < strlen (finfo->d_name))
data/gnunet-0.13.1/src/util/disk.c:968:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen (finfo->d_name);
data/gnunet-0.13.1/src/util/disk.c:969:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_size = strlen (dname) + name_len + strlen (DIR_SEPARATOR_STR) + 1;
data/gnunet-0.13.1/src/util/disk.c:969:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_size = strlen (dname) + name_len + strlen (DIR_SEPARATOR_STR) + 1;
data/gnunet-0.13.1/src/util/dnsparser.c:64:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (output);
data/gnunet-0.13.1/src/util/dnsparser.c:96:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (output);
data/gnunet-0.13.1/src/util/dnsparser.c:298:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (ret) > udp_payload_length)
data/gnunet-0.13.1/src/util/dnsparser.c:314:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 < strlen (ret))
data/gnunet-0.13.1/src/util/dnsparser.c:315:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret[strlen (ret) - 1] = '\0'; /* eat tailing '.' */
data/gnunet-0.13.1/src/util/dnsparser.c:917:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (start + strlen (idna_name) + 2 > dst_len)
data/gnunet-0.13.1/src/util/dnsparser.c:924:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (idna_name);
data/gnunet-0.13.1/src/util/dnsparser.c:1385:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data_size = strlen (hex) / 2;
data/gnunet-0.13.1/src/util/getopt.c:216:1: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (const char *);
data/gnunet-0.13.1/src/util/getopt.c:542:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int) strlen (p->name))
data/gnunet-0.13.1/src/util/getopt.c:568:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt.c:601:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt.c:620:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt.c:624:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt.c:739:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((unsigned int) (nameend - nextchar) == strlen (p->name))
data/gnunet-0.13.1/src/util/getopt.c:764:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt.c:785:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt.c:800:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt.c:804:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nextchar += strlen (nextchar);
data/gnunet-0.13.1/src/util/getopt_helpers.c:127:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = 8 + strlen (opt[i].name);
data/gnunet-0.13.1/src/util/getopt_helpers.c:131:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen += 1 + strlen (opt[i].argumentHelp);
data/gnunet-0.13.1/src/util/getopt_helpers.c:143:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 < strlen (opt[i].description))
data/gnunet-0.13.1/src/util/getopt_helpers.c:147:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ml = strlen (trans);
data/gnunet-0.13.1/src/util/getopt_helpers.c:178:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (trans) == 0)
data/gnunet-0.13.1/src/util/getopt_helpers.c:565:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 != sscanf (value, "%llu%1s", val, dummy))
data/gnunet-0.13.1/src/util/getopt_helpers.c:856:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 != sscanf (value, "%u%1s", val, dummy))
data/gnunet-0.13.1/src/util/getopt_helpers.c:921:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 != sscanf (value, "%u%1s", &v, dummy))
data/gnunet-0.13.1/src/util/getopt_helpers.c:1011:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (value),
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:82:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_hash (str, strlen (str), &hc);
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:85:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_data (" input", str, strlen (str));
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:180:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (salt),
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:182:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ikm),
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:184:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (ctx),
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:188:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_data (" salt", salt, strlen (salt));
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:189:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_data (" ikm", ikm, strlen (ikm));
data/gnunet-0.13.1/src/util/gnunet-crypto-tvg.c:190:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
display_data (" ctx", ctx, strlen (ctx));
data/gnunet-0.13.1/src/util/gnunet-qr.c:142:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncasecmp ("gnunet://", uri, strlen ("gnunet://")))
data/gnunet-0.13.1/src/util/gnunet-qr.c:149:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri += strlen ("gnunet://");
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:287:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp (line, "nameserver ", strlen ("nameserver ")))
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:288:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return GNUNET_strndup (line + strlen ("nameserver "),
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:289:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len - strlen ("nameserver "));
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:306:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strncmp (line, "search ", strlen ("search ")))
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:307:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return GNUNET_strndup (line + strlen ("search "),
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:308:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len - strlen ("search "));
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:475:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
payload_len = strlen (record->data.hostname) + 1;
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:482:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
payload_len = strlen (record->data.hostname) + 1;
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:956:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (hostname) + strlen (my_domain) <= 253))
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:956:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (hostname) + strlen (my_domain) <= 253))
data/gnunet-0.13.1/src/util/gnunet-service-resolver.c:960:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (hostname) < 255)
data/gnunet-0.13.1/src/util/gnunet-uri.c:91:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncasecmp ("gnunet://", uri, strlen ("gnunet://")))
data/gnunet-0.13.1/src/util/gnunet-uri.c:98:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uri += strlen ("gnunet://");
data/gnunet-0.13.1/src/util/network.c:168:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (unixpath);
data/gnunet-0.13.1/src/util/network.c:172:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (16 + strlen (unixpath) >= upm)
data/gnunet-0.13.1/src/util/network.c:532:18: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
old_mask = umask (S_IWGRP | S_IRGRP | S_IXGRP | S_IWOTH | S_IROTH
data/gnunet-0.13.1/src/util/network.c:540:14: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
(void) umask (old_mask);
data/gnunet-0.13.1/src/util/network.c:587:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (dirname);
data/gnunet-0.13.1/src/util/os_installation.c:158:15: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((1 == sscanf (line,
data/gnunet-0.13.1/src/util/os_installation.c:199:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((((size_t) size) > strlen (lep)) &&
data/gnunet-0.13.1/src/util/os_installation.c:200:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 == strcmp (lep, &lnk[size - strlen (lep)])))
data/gnunet-0.13.1/src/util/os_installation.c:201:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size -= strlen (lep) - 1;
data/gnunet-0.13.1/src/util/os_installation.c:257:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (path);
data/gnunet-0.13.1/src/util/os_installation.c:286:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == path) || (0 == strlen (path)))
data/gnunet-0.13.1/src/util/os_installation.c:289:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = p + strlen (p);
data/gnunet-0.13.1/src/util/os_installation.c:324:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = GNUNET_malloc (strlen (path) + strlen (binary) + 1 + 1);
data/gnunet-0.13.1/src/util/os_installation.c:324:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = GNUNET_malloc (strlen (path) + strlen (binary) + 1 + 1);
data/gnunet-0.13.1/src/util/os_installation.c:466:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (execpath);
data/gnunet-0.13.1/src/util/os_installation.c:733:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == path) || (0 == strlen (path)))
data/gnunet-0.13.1/src/util/os_installation.c:735:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen (path);
data/gnunet-0.13.1/src/util/os_network.c:109:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (line) == 0)
data/gnunet-0.13.1/src/util/os_network.c:116:24: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
have_ifc = (1 == sscanf (line, "%11s", ifc)) ? GNUNET_YES : GNUNET_NO;
data/gnunet-0.13.1/src/util/os_network.c:118:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ifc[strlen (ifc) - 1] == ':')
data/gnunet-0.13.1/src/util/os_network.c:119:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ifc[strlen (ifc) - 1] = '\0';
data/gnunet-0.13.1/src/util/os_network.c:144:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(3 == sscanf (start, "inet addr:%127s Bcast:%127s Mask:%127s", addrstr,
data/gnunet-0.13.1/src/util/os_network.c:146:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(2 == sscanf (start, "inet addr:%127s Mask:%127s", addrstr,
data/gnunet-0.13.1/src/util/os_network.c:148:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(2 == sscanf (start, "inet6 addr:%127s %d", addrstr, &prefixlen)) ||
data/gnunet-0.13.1/src/util/os_network.c:150:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(1 == sscanf (start, "inet %127s", addrstr)) ||
data/gnunet-0.13.1/src/util/os_network.c:151:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(1 == sscanf (start, "inet6 %127s", addrstr)))
data/gnunet-0.13.1/src/util/os_network.c:303:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (4 != sscanf (line,
data/gnunet-0.13.1/src/util/os_priority.c:119:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert ((NULL == pipe_fd) || (strlen (pipe_fd) <= 0));
data/gnunet-0.13.1/src/util/os_priority.c:156:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((NULL == env_buf) || (strlen (env_buf) <= 0))
data/gnunet-0.13.1/src/util/os_priority.c:864:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (argv[i]);
data/gnunet-0.13.1/src/util/plugin.c:343:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (libname);
data/gnunet-0.13.1/src/util/plugin.c:344:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strncmp (lac->basename, libname, strlen (lac->basename)))
data/gnunet-0.13.1/src/util/regex.c:200:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (arg);
data/gnunet-0.13.1/src/util/regex.c:252:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char dots[5 * strlen (DOT)];
data/gnunet-0.13.1/src/util/regex.c:289:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (before) > 0)
data/gnunet-0.13.1/src/util/regex.c:290:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
before[strlen (before) - 1] = '\0';
data/gnunet-0.13.1/src/util/regex.c:291:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middlel) > 0)
data/gnunet-0.13.1/src/util/regex.c:292:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
middlel[strlen (middlel) - 1] = '\0';
data/gnunet-0.13.1/src/util/regex.c:293:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middleh) > 0)
data/gnunet-0.13.1/src/util/regex.c:294:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
middleh[strlen (middleh) - 1] = '\0';
data/gnunet-0.13.1/src/util/regex.c:295:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (after) > 0)
data/gnunet-0.13.1/src/util/regex.c:296:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
after[strlen (after) - 1] = '\0';
data/gnunet-0.13.1/src/util/regex.c:330:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middlel) > 0)
data/gnunet-0.13.1/src/util/regex.c:337:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middleh) > 0)
data/gnunet-0.13.1/src/util/regex.c:367:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (middleh) > 0) &&
data/gnunet-0.13.1/src/util/regex.c:368:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (rech) > 0) &&
data/gnunet-0.13.1/src/util/regex.c:369:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (middlel) > 0) &&
data/gnunet-0.13.1/src/util/regex.c:370:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (recl) > 0))
data/gnunet-0.13.1/src/util/regex.c:379:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen (middleh) > 0) &&
data/gnunet-0.13.1/src/util/regex.c:380:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (rech) > 0))
data/gnunet-0.13.1/src/util/regex.c:387:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((strlen (middlel) > 0) &&
data/gnunet-0.13.1/src/util/regex.c:388:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (recl) > 0))
data/gnunet-0.13.1/src/util/regex.c:399:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen (before) > 0) &&
data/gnunet-0.13.1/src/util/regex.c:400:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen (after) > 0))
data/gnunet-0.13.1/src/util/regex.c:402:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dots) > 0)
data/gnunet-0.13.1/src/util/regex.c:404:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middle) > 0)
data/gnunet-0.13.1/src/util/regex.c:419:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middle) > 0)
data/gnunet-0.13.1/src/util/regex.c:437:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (before) > 0)
data/gnunet-0.13.1/src/util/regex.c:439:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dots) > 0)
data/gnunet-0.13.1/src/util/regex.c:441:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middle) > 0)
data/gnunet-0.13.1/src/util/regex.c:453:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middle) > 0)
data/gnunet-0.13.1/src/util/regex.c:464:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (after) > 0)
data/gnunet-0.13.1/src/util/regex.c:466:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (dots) > 0)
data/gnunet-0.13.1/src/util/regex.c:468:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middle) > 0)
data/gnunet-0.13.1/src/util/regex.c:480:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (middle) > 0)
data/gnunet-0.13.1/src/util/regex.c:491:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen (middle) > 0)
data/gnunet-0.13.1/src/util/regex.c:571:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen (pos);
data/gnunet-0.13.1/src/util/regex.c:818:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (service_name),
data/gnunet-0.13.1/src/util/resolver_api.c:950:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (hostname) + 1;
data/gnunet-0.13.1/src/util/service.c:1121:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(0 < strlen (unixpath)))
data/gnunet-0.13.1/src/util/service.c:1126:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (unixpath) >= sizeof(s_un.sun_path))
data/gnunet-0.13.1/src/util/service.c:1488:13: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
(1 == sscanf (nfds, "%u%1s", &cnt, dummy)) && (cnt > 0) &&
data/gnunet-0.13.1/src/util/service.c:1736:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != read (filedes[0], &c, sizeof(char)))
data/gnunet-0.13.1/src/util/service.c:1829:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen (pd->agpl_url) + 1;
data/gnunet-0.13.1/src/util/strings.c:77:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen (s) + 1;
data/gnunet-0.13.1/src/util/strings.c:418:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eos = &fancy_time[strlen (fancy_time)];
data/gnunet-0.13.1/src/util/strings.c:573:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ((char *) input),
data/gnunet-0.13.1/src/util/strings.c:598:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ((char *) input),
data/gnunet-0.13.1/src/util/strings.c:683:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(fm[strlen (fm) - 1] == DIR_SEPARATOR) ? ""
data/gnunet-0.13.1/src/util/strings.c:1062:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (path);
data/gnunet-0.13.1/src/util/strings.c:1257:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ret = sscanf (port_colon, ":%u%1s", &port, dummy);
data/gnunet-0.13.1/src/util/strings.c:1308:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
cnt = sscanf (zt_addr,
data/gnunet-0.13.1/src/util/strings.c:1383:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (cp),
data/gnunet-0.13.1/src/util/strings.c:1401:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (cp),
data/gnunet-0.13.1/src/util/strings.c:1428:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argvsize += strlen (argv[i]) + 1 + sizeof(char *);
data/gnunet-0.13.1/src/util/strings.c:1435:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen (argv[i]) + 1;
data/gnunet-0.13.1/src/util/strings.c:1494:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (2 == sscanf (pos, "%u-%u%1s", &s, &e, eol))
data/gnunet-0.13.1/src/util/strings.c:1505:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (1 == sscanf (pos, "%u%1s", &s, eol))
data/gnunet-0.13.1/src/util/strings.c:1555:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (routeListX);
data/gnunet-0.13.1/src/util/strings.c:1584:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
cnt = sscanf (&routeList[pos],
data/gnunet-0.13.1/src/util/strings.c:1616:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
cnt = sscanf (&routeList[pos],
data/gnunet-0.13.1/src/util/strings.c:1664:11: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
cnt = sscanf (&routeList[pos],
data/gnunet-0.13.1/src/util/strings.c:1703:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pos < strlen (routeList))
data/gnunet-0.13.1/src/util/strings.c:1748:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (routeListX);
data/gnunet-0.13.1/src/util/strings.c:1804:19: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((1 != sscanf (&routeList[slash + 1], "%u%1s", &bits, dummy)) ||
data/gnunet-0.13.1/src/util/strings.c:1952:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen (enc);
data/gnunet-0.13.1/src/util/strings.c:2059:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = 0; i < strlen (s); i++)
data/gnunet-0.13.1/src/util/test_bio.c:300:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (TESTSTRING)),
data/gnunet-0.13.1/src/util/test_common_allocation.c:73:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (ptrs[0]) == 11);
data/gnunet-0.13.1/src/util/test_container_meta_data.c:49:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("TestTitle") + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:56:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("TestTitle") + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:62:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen (
data/gnunet-0.13.1/src/util/test_container_meta_data.c:69:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen (
data/gnunet-0.13.1/src/util/test_container_meta_data.c:76:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen ("TestTitle") + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:80:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen (
data/gnunet-0.13.1/src/util/test_container_meta_data.c:87:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen ("TestTitle") + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:91:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen (
data/gnunet-0.13.1/src/util/test_container_meta_data.c:104:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"text/plain", val, strlen (val) + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:135:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (val) + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:164:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txt, strlen (txt) + 1);
data/gnunet-0.13.1/src/util/test_container_meta_data.c:194:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("link") + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:201:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("lib-link.m4") + 1))
data/gnunet-0.13.1/src/util/test_container_meta_data.c:236:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen ("TestTitle") + 1);
data/gnunet-0.13.1/src/util/test_container_meta_data.c:240:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"TestTitle", strlen ("TestTitle") + 1);
data/gnunet-0.13.1/src/util/test_crypto_symmetric.c:42:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_CRYPTO_symmetric_encrypt (TESTSTRING, strlen (TESTSTRING) + 1, &key,
data/gnunet-0.13.1/src/util/test_crypto_symmetric.c:58:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (TESTSTRING) + 1 != size)
data/gnunet-0.13.1/src/util/test_crypto_symmetric.c:161:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_assert (strlen (INITVALUE) >
data/gnunet-0.13.1/src/util/test_disk.c:38:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (TESTSTRING) !=
data/gnunet-0.13.1/src/util/test_disk.c:39:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_DISK_fn_write (".testfile", TESTSTRING, strlen (TESTSTRING),
data/gnunet-0.13.1/src/util/test_disk.c:52:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != memcmp (tmp, TESTSTRING, strlen (TESTSTRING) + 1))
data/gnunet-0.13.1/src/util/test_disk.c:68:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != memcmp (tmp, TESTSTRING, strlen (TESTSTRING) + 1))
data/gnunet-0.13.1/src/util/test_hexcoder.c:38:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char buf[strlen (TESTSTRING) + 1];
data/gnunet-0.13.1/src/util/test_hexcoder.c:43:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (TESTSTRING) + 1);
data/gnunet-0.13.1/src/util/test_os_start_process.c:98:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok = strncmp (rc.buf, test_phrase, strlen (test_phrase));
data/gnunet-0.13.1/src/util/test_os_start_process.c:155:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (GNUNET_DISK_file_write (wh, test_phrase, strlen (test_phrase) + 1) !=
data/gnunet-0.13.1/src/util/test_os_start_process.c:156:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (test_phrase) + 1)
data/gnunet-0.13.1/src/util/test_strings_to_data.c:48:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
GNUNET_STRINGS_string_to_data (buf, strlen (buf), dst, i))
data/gnunet-0.13.1/src/util/test_strings_to_data.c:51:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int) strlen (buf));
data/gnunet-0.13.1/src/util/test_strings_to_data.c:57:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int) strlen (buf));
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:118:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name,
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:180:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name,
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:297:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ifr.ifr_name, dev, IFNAMSIZ);
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:460:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read (fd_tun, buftun + sizeof(struct GNUNET_MessageHeader),
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:524:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bufin_size = read (0, bufin + bufin_rpos, MAX_SIZE - bufin_rpos);
data/gnunet-0.13.1/src/vpn/gnunet-helper-vpn.c:630:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (dev,
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1425:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_IPV4_GATEWAY),
data/gnunet-0.13.1/src/vpn/gnunet-service-vpn.c:1432:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (GNUNET_APPLICATION_PORT_IPV6_GATEWAY),
data/gnunet-0.13.1/src/vpn/gnunet-vpn.c:237:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (peer_id),
ANALYSIS SUMMARY:
Hits = 2476
Lines analyzed = 559394 in approximately 12.40 seconds (45120 lines/second)
Physical Source Lines of Code (SLOC) = 324749
Hits@level = [0] 1782 [1] 1326 [2] 837 [3] 76 [4] 233 [5] 4
Hits@level+ = [0+] 4258 [1+] 2476 [2+] 1150 [3+] 313 [4+] 237 [5+] 4
Hits/KSLOC@level+ = [0+] 13.1117 [1+] 7.62435 [2+] 3.5412 [3+] 0.963821 [4+] 0.729794 [5+] 0.0123172
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.