Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/i2pd-2.32.1/Win32/DaemonWin32.cpp Examining data/i2pd-2.32.1/Win32/Win32App.cpp Examining data/i2pd-2.32.1/Win32/Win32App.h Examining data/i2pd-2.32.1/Win32/Win32NetState.cpp Examining data/i2pd-2.32.1/Win32/Win32NetState.h Examining data/i2pd-2.32.1/Win32/Win32Service.cpp Examining data/i2pd-2.32.1/Win32/Win32Service.h Examining data/i2pd-2.32.1/Win32/resource.h Examining data/i2pd-2.32.1/Win32/winres.h Examining data/i2pd-2.32.1/android/jni/DaemonAndroid.cpp Examining data/i2pd-2.32.1/android/jni/DaemonAndroid.h Examining data/i2pd-2.32.1/android/jni/i2pd_android.cpp Examining data/i2pd-2.32.1/android/jni/org_purplei2p_i2pd_I2PD_JNI.h Examining data/i2pd-2.32.1/daemon/Daemon.cpp Examining data/i2pd-2.32.1/daemon/Daemon.h Examining data/i2pd-2.32.1/daemon/HTTPServer.cpp Examining data/i2pd-2.32.1/daemon/HTTPServer.h Examining data/i2pd-2.32.1/daemon/I2PControl.cpp Examining data/i2pd-2.32.1/daemon/I2PControl.h Examining data/i2pd-2.32.1/daemon/UPnP.cpp Examining data/i2pd-2.32.1/daemon/UPnP.h Examining data/i2pd-2.32.1/daemon/UnixDaemon.cpp Examining data/i2pd-2.32.1/daemon/i2pd.cpp Examining data/i2pd-2.32.1/libi2pd/Base.cpp Examining data/i2pd-2.32.1/libi2pd/Base.h Examining data/i2pd-2.32.1/libi2pd/Blinding.cpp Examining data/i2pd-2.32.1/libi2pd/Blinding.h Examining data/i2pd-2.32.1/libi2pd/BloomFilter.cpp Examining data/i2pd-2.32.1/libi2pd/BloomFilter.h Examining data/i2pd-2.32.1/libi2pd/CPU.cpp Examining data/i2pd-2.32.1/libi2pd/CPU.h Examining data/i2pd-2.32.1/libi2pd/ChaCha20.cpp Examining data/i2pd-2.32.1/libi2pd/ChaCha20.h Examining data/i2pd-2.32.1/libi2pd/Config.cpp Examining data/i2pd-2.32.1/libi2pd/Config.h Examining data/i2pd-2.32.1/libi2pd/Crypto.cpp Examining data/i2pd-2.32.1/libi2pd/Crypto.h Examining data/i2pd-2.32.1/libi2pd/CryptoKey.cpp Examining data/i2pd-2.32.1/libi2pd/CryptoKey.h Examining data/i2pd-2.32.1/libi2pd/CryptoWorker.h Examining data/i2pd-2.32.1/libi2pd/Datagram.cpp Examining data/i2pd-2.32.1/libi2pd/Datagram.h Examining data/i2pd-2.32.1/libi2pd/Destination.cpp Examining data/i2pd-2.32.1/libi2pd/Destination.h Examining data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp Examining data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.h Examining data/i2pd-2.32.1/libi2pd/Ed25519.cpp Examining data/i2pd-2.32.1/libi2pd/Ed25519.h Examining data/i2pd-2.32.1/libi2pd/Elligator.cpp Examining data/i2pd-2.32.1/libi2pd/Elligator.h Examining data/i2pd-2.32.1/libi2pd/FS.cpp Examining data/i2pd-2.32.1/libi2pd/FS.h Examining data/i2pd-2.32.1/libi2pd/Family.cpp Examining data/i2pd-2.32.1/libi2pd/Family.h Examining data/i2pd-2.32.1/libi2pd/Garlic.cpp Examining data/i2pd-2.32.1/libi2pd/Garlic.h Examining data/i2pd-2.32.1/libi2pd/Gost.cpp Examining data/i2pd-2.32.1/libi2pd/Gost.h Examining data/i2pd-2.32.1/libi2pd/Gzip.cpp Examining data/i2pd-2.32.1/libi2pd/Gzip.h Examining data/i2pd-2.32.1/libi2pd/HTTP.cpp Examining data/i2pd-2.32.1/libi2pd/HTTP.h Examining data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp Examining data/i2pd-2.32.1/libi2pd/I2NPProtocol.h Examining data/i2pd-2.32.1/libi2pd/I2PEndian.cpp Examining data/i2pd-2.32.1/libi2pd/I2PEndian.h Examining data/i2pd-2.32.1/libi2pd/Identity.cpp Examining data/i2pd-2.32.1/libi2pd/Identity.h Examining data/i2pd-2.32.1/libi2pd/LeaseSet.cpp Examining data/i2pd-2.32.1/libi2pd/LeaseSet.h Examining data/i2pd-2.32.1/libi2pd/LittleBigEndian.h Examining data/i2pd-2.32.1/libi2pd/Log.cpp Examining data/i2pd-2.32.1/libi2pd/Log.h Examining data/i2pd-2.32.1/libi2pd/NTCP2.cpp Examining data/i2pd-2.32.1/libi2pd/NTCP2.h Examining data/i2pd-2.32.1/libi2pd/NTCPSession.cpp Examining data/i2pd-2.32.1/libi2pd/NTCPSession.h Examining data/i2pd-2.32.1/libi2pd/NetDb.cpp Examining data/i2pd-2.32.1/libi2pd/NetDb.hpp Examining data/i2pd-2.32.1/libi2pd/NetDbRequests.cpp Examining data/i2pd-2.32.1/libi2pd/NetDbRequests.h Examining data/i2pd-2.32.1/libi2pd/Poly1305.cpp Examining data/i2pd-2.32.1/libi2pd/Poly1305.h Examining data/i2pd-2.32.1/libi2pd/Profiling.cpp Examining data/i2pd-2.32.1/libi2pd/Profiling.h Examining data/i2pd-2.32.1/libi2pd/Queue.h Examining data/i2pd-2.32.1/libi2pd/Reseed.cpp Examining data/i2pd-2.32.1/libi2pd/Reseed.h Examining data/i2pd-2.32.1/libi2pd/RouterContext.cpp Examining data/i2pd-2.32.1/libi2pd/RouterContext.h Examining data/i2pd-2.32.1/libi2pd/RouterInfo.cpp Examining data/i2pd-2.32.1/libi2pd/RouterInfo.h Examining data/i2pd-2.32.1/libi2pd/SSU.cpp Examining data/i2pd-2.32.1/libi2pd/SSU.h Examining data/i2pd-2.32.1/libi2pd/SSUData.cpp Examining data/i2pd-2.32.1/libi2pd/SSUData.h Examining data/i2pd-2.32.1/libi2pd/SSUSession.cpp Examining data/i2pd-2.32.1/libi2pd/SSUSession.h Examining data/i2pd-2.32.1/libi2pd/Signature.cpp Examining data/i2pd-2.32.1/libi2pd/Signature.h Examining data/i2pd-2.32.1/libi2pd/Siphash.h Examining data/i2pd-2.32.1/libi2pd/Streaming.cpp Examining data/i2pd-2.32.1/libi2pd/Streaming.h Examining data/i2pd-2.32.1/libi2pd/Tag.h Examining data/i2pd-2.32.1/libi2pd/Timestamp.cpp Examining data/i2pd-2.32.1/libi2pd/Timestamp.h Examining data/i2pd-2.32.1/libi2pd/TransitTunnel.cpp Examining data/i2pd-2.32.1/libi2pd/TransitTunnel.h Examining data/i2pd-2.32.1/libi2pd/TransportSession.h Examining data/i2pd-2.32.1/libi2pd/Transports.cpp Examining data/i2pd-2.32.1/libi2pd/Transports.h Examining data/i2pd-2.32.1/libi2pd/Tunnel.cpp Examining data/i2pd-2.32.1/libi2pd/Tunnel.h Examining data/i2pd-2.32.1/libi2pd/TunnelBase.h Examining data/i2pd-2.32.1/libi2pd/TunnelConfig.h Examining data/i2pd-2.32.1/libi2pd/TunnelEndpoint.cpp Examining data/i2pd-2.32.1/libi2pd/TunnelEndpoint.h Examining data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp Examining data/i2pd-2.32.1/libi2pd/TunnelGateway.h Examining data/i2pd-2.32.1/libi2pd/TunnelPool.cpp Examining data/i2pd-2.32.1/libi2pd/TunnelPool.h Examining data/i2pd-2.32.1/libi2pd/api.cpp Examining data/i2pd-2.32.1/libi2pd/api.h Examining data/i2pd-2.32.1/libi2pd/util.cpp Examining data/i2pd-2.32.1/libi2pd/util.h Examining data/i2pd-2.32.1/libi2pd/version.h Examining data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp Examining data/i2pd-2.32.1/libi2pd_client/AddressBook.h Examining data/i2pd-2.32.1/libi2pd_client/BOB.cpp Examining data/i2pd-2.32.1/libi2pd_client/BOB.h Examining data/i2pd-2.32.1/libi2pd_client/ClientContext.cpp Examining data/i2pd-2.32.1/libi2pd_client/ClientContext.h Examining data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp Examining data/i2pd-2.32.1/libi2pd_client/HTTPProxy.h Examining data/i2pd-2.32.1/libi2pd_client/I2CP.cpp Examining data/i2pd-2.32.1/libi2pd_client/I2CP.h Examining data/i2pd-2.32.1/libi2pd_client/I2PService.cpp Examining data/i2pd-2.32.1/libi2pd_client/I2PService.h Examining data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp Examining data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h Examining data/i2pd-2.32.1/libi2pd_client/MatchedDestination.cpp Examining data/i2pd-2.32.1/libi2pd_client/MatchedDestination.h Examining data/i2pd-2.32.1/libi2pd_client/SAM.cpp Examining data/i2pd-2.32.1/libi2pd_client/SAM.h Examining data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp Examining data/i2pd-2.32.1/libi2pd_client/SOCKS.h Examining data/i2pd-2.32.1/qt/i2pd_qt/ClientTunnelPane.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/ClientTunnelPane.h Examining data/i2pd-2.32.1/qt/i2pd_qt/DaemonQT.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/DaemonQT.h Examining data/i2pd-2.32.1/qt/i2pd_qt/DelayedSaveManager.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/DelayedSaveManager.h Examining data/i2pd-2.32.1/qt/i2pd_qt/DelayedSaveManagerImpl.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/DelayedSaveManagerImpl.h Examining data/i2pd-2.32.1/qt/i2pd_qt/MainWindowItems.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/MainWindowItems.h Examining data/i2pd-2.32.1/qt/i2pd_qt/Saver.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/Saver.h Examining data/i2pd-2.32.1/qt/i2pd_qt/SaverImpl.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/SaverImpl.h Examining data/i2pd-2.32.1/qt/i2pd_qt/ServerTunnelPane.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/ServerTunnelPane.h Examining data/i2pd-2.32.1/qt/i2pd_qt/SignatureTypeComboboxFactory.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/SignatureTypeComboboxFactory.h Examining data/i2pd-2.32.1/qt/i2pd_qt/TunnelConfig.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/TunnelConfig.h Examining data/i2pd-2.32.1/qt/i2pd_qt/TunnelPane.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/TunnelPane.h Examining data/i2pd-2.32.1/qt/i2pd_qt/TunnelsPageUpdateListener.h Examining data/i2pd-2.32.1/qt/i2pd_qt/logviewermanager.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/logviewermanager.h Examining data/i2pd-2.32.1/qt/i2pd_qt/mainwindow.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/mainwindow.h Examining data/i2pd-2.32.1/qt/i2pd_qt/pagewithbackbutton.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/pagewithbackbutton.h Examining data/i2pd-2.32.1/qt/i2pd_qt/textbrowsertweaked1.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/textbrowsertweaked1.h Examining data/i2pd-2.32.1/qt/i2pd_qt/widgetlock.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/widgetlock.h Examining data/i2pd-2.32.1/qt/i2pd_qt/widgetlockregistry.cpp Examining data/i2pd-2.32.1/qt/i2pd_qt/widgetlockregistry.h Examining data/i2pd-2.32.1/tests/test-aeadchacha20poly1305.cpp Examining data/i2pd-2.32.1/tests/test-base-64.cpp Examining data/i2pd-2.32.1/tests/test-blinding.cpp Examining data/i2pd-2.32.1/tests/test-elligator.cpp Examining data/i2pd-2.32.1/tests/test-gost-sig.cpp Examining data/i2pd-2.32.1/tests/test-gost.cpp Examining data/i2pd-2.32.1/tests/test-http-merge_chunked.cpp Examining data/i2pd-2.32.1/tests/test-http-req.cpp Examining data/i2pd-2.32.1/tests/test-http-res.cpp Examining data/i2pd-2.32.1/tests/test-http-url.cpp Examining data/i2pd-2.32.1/tests/test-http-url_decode.cpp Examining data/i2pd-2.32.1/tests/test-x25519.cpp FINAL RESULTS: data/i2pd-2.32.1/Win32/Win32App.cpp:277:7: [4] (shell) ShellExecute: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ShellExecute(NULL, "open", buf, NULL, NULL, SW_SHOWNORMAL); data/i2pd-2.32.1/daemon/HTTPServer.cpp:907:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPConnection::HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/daemon/HTTPServer.cpp:935:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPConnection::Terminate (const boost::system::error_code& ecode) data/i2pd-2.32.1/daemon/HTTPServer.cpp:939:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ignored_ec; data/i2pd-2.32.1/daemon/HTTPServer.cpp:1278:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPServer::HandleAccept(const boost::system::error_code& ecode, data/i2pd-2.32.1/daemon/HTTPServer.h:37:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/daemon/HTTPServer.h:38:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void Terminate (const boost::system::error_code& ecode); data/i2pd-2.32.1/daemon/HTTPServer.h:76:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept(const boost::system::error_code& ecode, data/i2pd-2.32.1/daemon/I2PControl.cpp:163:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PControlService::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket) data/i2pd-2.32.1/daemon/I2PControl.cpp:182:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PControlService::HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket) data/i2pd-2.32.1/daemon/I2PControl.cpp:205:62: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PControlService::HandleRequestReceived (const boost::system::error_code& ecode, data/i2pd-2.32.1/daemon/I2PControl.cpp:341:59: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PControlService::HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, data/i2pd-2.32.1/daemon/I2PControl.cpp:509:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [](const boost::system::error_code& ecode) data/i2pd-2.32.1/daemon/I2PControl.cpp:523:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [](const boost::system::error_code& ecode) data/i2pd-2.32.1/daemon/I2PControl.h:51:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket); data/i2pd-2.32.1/daemon/I2PControl.h:53:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleHandshake (const boost::system::error_code& ecode, std::shared_ptr<ssl_socket> socket); data/i2pd-2.32.1/daemon/I2PControl.h:55:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleRequestReceived (const boost::system::error_code& ecode, size_t bytes_transferred, data/i2pd-2.32.1/daemon/I2PControl.h:59:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleResponseSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, data/i2pd-2.32.1/daemon/UPnP.cpp:176:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. m_Timer.async_wait ([this](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Datagram.cpp:391:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. m_SendQueueTimer.async_wait([self](const boost::system::error_code & ec) { if(ec) return; self->FlushSendQueue(); }); data/i2pd-2.32.1/libi2pd/Destination.cpp:566:73: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void LeaseSetDestination::HandlePublishConfirmationTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Destination.cpp:592:73: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void LeaseSetDestination::HandlePublishVerificationTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Destination.cpp:628:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void LeaseSetDestination::HandlePublishDelayTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Destination.cpp:769:67: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void LeaseSetDestination::HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest) data/i2pd-2.32.1/libi2pd/Destination.cpp:807:61: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void LeaseSetDestination::HandleCleanupTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Destination.h:157:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePublishConfirmationTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Destination.h:158:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePublishVerificationTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Destination.h:159:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePublishDelayTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Destination.h:166:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleRequestTimoutTimer (const boost::system::error_code& ecode, const i2p::data::IdentHash& dest); data/i2pd-2.32.1/libi2pd/Destination.h:167:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleCleanupTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/FS.cpp:153:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCP2.cpp:398:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCP2.cpp:459:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionRequestSent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:476:64: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionRequestReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:511:71: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionRequestPaddingReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:530:64: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionCreatedReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:564:71: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionCreatedPaddingReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:590:62: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionConfirmedSent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:617:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionCreatedSent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:634:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleSessionConfirmedReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:767:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleReceivedLength (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:792:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCP2.cpp:818:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:998:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleI2NPMsgsSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1022:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Session::HandleNextFrameSent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1171:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code e; data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1303:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. timer->async_wait ([conn, timeout](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1319:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Server::HandleConnect (const boost::system::error_code& ecode, std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1334:83: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Server::HandleAccept (std::shared_ptr<NTCP2Session> conn, const boost::system::error_code& error) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1338:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1367:85: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Server::HandleAcceptV6 (std::shared_ptr<NTCP2Session> conn, const boost::system::error_code& error) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1371:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1401:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Server::HandleTerminationTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1443:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. timer->async_wait ([conn, timeout](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1464:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCP2Server::HandleProxyConnect(const boost::system::error_code& ecode, std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer, const std::string & host, uint16_t port, RemoteAddressType addrtype) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1480:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [] (const boost::system::error_code & ec, std::size_t transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1490:71: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [this, readbuff, timer, conn, host, port, addrtype](const boost::system::error_code & ec, std::size_t transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1536:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [](const boost::system::error_code & ec, std::size_t transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1545:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [this, readbuff, timer, conn] (const boost::system::error_code & ec, std::size_t transferred) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1615:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [buff](const boost::system::error_code & ec, std::size_t written) data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1625:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [timer, conn, sz, readbuff](const boost::system::error_code & e, std::size_t transferred) data/i2pd-2.32.1/libi2pd/NTCP2.h:160:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionRequestSent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:161:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionRequestReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:162:59: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionRequestPaddingReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:163:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionCreatedSent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:164:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionCreatedReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:165:59: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionCreatedPaddingReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:166:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionConfirmedSent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:167:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionConfirmedReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:171:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedLength (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:173:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:178:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleI2NPMsgsSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs); data/i2pd-2.32.1/libi2pd/NTCP2.h:180:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleNextFrameSent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCP2.h:259:72: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept (std::shared_ptr<NTCP2Session> conn, const boost::system::error_code& error); data/i2pd-2.32.1/libi2pd/NTCP2.h:260:74: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAcceptV6 (std::shared_ptr<NTCP2Session> conn, const boost::system::error_code& error); data/i2pd-2.32.1/libi2pd/NTCP2.h:262:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleConnect (const boost::system::error_code& ecode, std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer); data/i2pd-2.32.1/libi2pd/NTCP2.h:263:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleProxyConnect(const boost::system::error_code& ecode, std::shared_ptr<NTCP2Session> conn, std::shared_ptr<boost::asio::deadline_timer> timer, const std::string & host, uint16_t port, RemoteAddressType adddrtype); data/i2pd-2.32.1/libi2pd/NTCP2.h:267:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleTerminationTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:149:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase1Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:166:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase1Received (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:223:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase2Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:240:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase2Received (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:324:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase3Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:345:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase3Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:383:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase3ExtraReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB, size_t paddingLen) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:451:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase4Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:472:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandlePhase4Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:528:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:562:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:723:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPSession::HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:804:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code e; data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:957:81: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPServer::HandleAccept (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:961:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:992:83: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPServer::HandleAcceptV6 (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:996:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1036:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. timer->async_wait ([conn](const boost::system::error_code& ecode) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1062:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. timer->async_wait ([conn, timeout](const boost::system::error_code& ecode) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1075:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPServer::HandleConnect (const boost::system::error_code& ecode, std::shared_ptr<NTCPSession> conn, std::shared_ptr<boost::asio::deadline_timer> timer) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1099:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPServer::HandleProxyConnect(const boost::system::error_code& ecode, std::shared_ptr<NTCPSession> conn, std::shared_ptr<boost::asio::deadline_timer> timer, const std::string & host, uint16_t port, RemoteAddressType addrtype) data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1112:125: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_write(conn->GetSocket(), boost::asio::buffer(buff, 3), boost::asio::transfer_all(), [=] (const boost::system::error_code & ec, std::size_t transferred) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1120:98: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_read(conn->GetSocket(), boost::asio::buffer(readbuff, 2), [=](const boost::system::error_code & ec, std::size_t transferred) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1162:112: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_write(conn->GetSocket(), writebuff.data(), boost::asio::transfer_all(), [=](const boost::system::error_code & ec, std::size_t transferred) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1169:94: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_read_until(conn->GetSocket(), *readbuff, "\r\n\r\n", [=] (const boost::system::error_code & ec, std::size_t transferred) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1247:124: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_write(conn->GetSocket(), boost::asio::buffer(buff, sz), boost::asio::transfer_all(), [=](const boost::system::error_code & ec, std::size_t written) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1255:98: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_read(conn->GetSocket(), boost::asio::buffer(readbuff, 10), [=](const boost::system::error_code & e, std::size_t transferred) { data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1283:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void NTCPServer::HandleTerminationTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/NTCPSession.h:88:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase1Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCPSession.h:89:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase2Received (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCPSession.h:91:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase3Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA); data/i2pd-2.32.1/libi2pd/NTCPSession.h:92:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase4Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsA); data/i2pd-2.32.1/libi2pd/NTCPSession.h:97:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase1Received (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCPSession.h:98:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase2Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB); data/i2pd-2.32.1/libi2pd/NTCPSession.h:99:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase3Received (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB); data/i2pd-2.32.1/libi2pd/NTCPSession.h:100:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase3ExtraReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred, uint32_t tsB, size_t paddingLen); data/i2pd-2.32.1/libi2pd/NTCPSession.h:102:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePhase4Sent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCPSession.h:106:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd/NTCPSession.h:112:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, std::vector<std::shared_ptr<I2NPMessage> > msgs); data/i2pd-2.32.1/libi2pd/NTCPSession.h:202:71: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error); data/i2pd-2.32.1/libi2pd/NTCPSession.h:203:73: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAcceptV6 (std::shared_ptr<NTCPSession> conn, const boost::system::error_code& error); data/i2pd-2.32.1/libi2pd/NTCPSession.h:205:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleConnect (const boost::system::error_code& ecode, std::shared_ptr<NTCPSession> conn, std::shared_ptr<boost::asio::deadline_timer> timer); data/i2pd-2.32.1/libi2pd/NTCPSession.h:207:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleProxyConnect(const boost::system::error_code& ecode, std::shared_ptr<NTCPSession> conn, std::shared_ptr<boost::asio::deadline_timer> timer, const std::string & host, uint16_t port, RemoteAddressType adddrtype); data/i2pd-2.32.1/libi2pd/NTCPSession.h:212:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleTerminationTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Reseed.cpp:534:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ecode; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:231:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ecode; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:303:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ecode; data/i2pd-2.32.1/libi2pd/SSU.cpp:266:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUServer::HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet) data/i2pd-2.32.1/libi2pd/SSU.cpp:274:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/SSU.cpp:313:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUServer::HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet) data/i2pd-2.32.1/libi2pd/SSU.cpp:321:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/SSU.cpp:656:61: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUServer::HandleIntroducersUpdateTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSU.cpp:758:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUServer::HandlePeerTestsCleanupTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSU.cpp:787:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUServer::HandleTerminationTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSU.cpp:815:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUServer::HandleTerminationTimerV6 (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSU.h:90:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedFrom (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet); data/i2pd-2.32.1/libi2pd/SSU.h:91:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedFromV6 (const boost::system::error_code& ecode, std::size_t bytes_transferred, SSUPacket * packet); data/i2pd-2.32.1/libi2pd/SSU.h:103:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleIntroducersUpdateTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/SSU.h:106:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePeerTestsCleanupTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/SSU.h:110:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleTerminationTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/SSU.h:112:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleTerminationTimerV6 (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/SSUData.cpp:361:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. catch (boost::system::system_error& ec) data/i2pd-2.32.1/libi2pd/SSUData.cpp:427:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. m_ResendTimer.async_wait ([s](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSUData.cpp:431:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUData::HandleResendTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSUData.cpp:451:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. catch (boost::system::system_error& ec) data/i2pd-2.32.1/libi2pd/SSUData.cpp:486:65: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. m_IncompleteMessagesCleanupTimer.async_wait ([s](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSUData.cpp:490:67: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUData::HandleIncompleteMessagesCleanupTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSUData.h:118:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleResendTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/SSUData.h:121:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleIncompleteMessagesCleanupTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:847:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SSUSession::HandleConnectTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/SSUSession.h:130:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleConnectTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Streaming.cpp:446:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. handler(boost::system::error_code ()); data/i2pd-2.32.1/libi2pd/Streaming.cpp:821:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void Stream::HandleResendTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Streaming.cpp:882:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void Stream::HandleAckSendTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Streaming.cpp:1095:64: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. timer->async_wait ([s,timer,receiveStreamID](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Streaming.cpp:1195:70: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void StreamingDestination::HandlePendingIncomingTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Streaming.h:100:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. typedef std::function<void (const boost::system::error_code& ecode)> SendHandler; data/i2pd-2.32.1/libi2pd/Streaming.h:116:32: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (handler) handler(boost::system::error_code ()); data/i2pd-2.32.1/libi2pd/Streaming.h:214:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceiveTimer (const boost::system::error_code& ecode, const Buffer& buffer, ReceiveHandler handler, int remainingTimeout); data/i2pd-2.32.1/libi2pd/Streaming.h:217:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleResendTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Streaming.h:218:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAckSendTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Streaming.h:284:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePendingIncomingTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Streaming.h:328:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [self, buffer, handler, left](const boost::system::error_code & ec) data/i2pd-2.32.1/libi2pd/Streaming.h:337:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void Stream::HandleReceiveTimer (const boost::system::error_code& ecode, const Buffer& buffer, ReceiveHandler handler, int remainingTimeout) data/i2pd-2.32.1/libi2pd/Streaming.h:341:20: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. handler (boost::system::error_code (), received); data/i2pd-2.32.1/libi2pd/Timestamp.cpp:57:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd/Timestamp.cpp:168:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. m_Timer.async_wait ([this](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Transports.cpp:710:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void Transports::HandlePeerCleanupTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Transports.cpp:739:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void Transports::HandlePeerTestTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd/Transports.h:142:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePeerCleanupTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd/Transports.h:143:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandlePeerTestTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:606:65: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void AddressBook::HandleSubscriptionsUpdateTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:825:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [&](const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/AddressBook.h:110:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSubscriptionsUpdateTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd_client/BOB.cpp:49:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void BOBI2PInboundTunnel::HandleAccept (const boost::system::error_code& ecode, std::shared_ptr<AddressReceiver> receiver) data/i2pd-2.32.1/libi2pd_client/BOB.cpp:67:64: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void BOBI2PInboundTunnel::HandleReceivedAddress (const boost::system::error_code& ecode, std::size_t bytes_transferred, data/i2pd-2.32.1/libi2pd_client/BOB.cpp:220:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/BOB.cpp:267:58: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void BOBCommandSession::HandleReceivedLine(const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/BOB.cpp:309:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void BOBCommandSession::HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/BOB.cpp:425:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/BOB.cpp:436:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/BOB.cpp:855:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void BOBCommandChannel::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<BOBCommandSession> session) data/i2pd-2.32.1/libi2pd_client/BOB.h:107:36: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept (const boost::system::error_code& ecode, std::shared_ptr<AddressReceiver> receiver); data/i2pd-2.32.1/libi2pd_client/BOB.h:110:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedAddress (const boost::system::error_code& ecode, std::size_t bytes_transferred, data/i2pd-2.32.1/libi2pd_client/BOB.h:218:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedLine(const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/BOB.h:219:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/BOB.h:222:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/BOB.h:261:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<BOBCommandSession> session); data/i2pd-2.32.1/libi2pd_client/ClientContext.cpp:863:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void ClientContext::CleanupUDP(const boost::system::error_code & ecode) data/i2pd-2.32.1/libi2pd_client/ClientContext.h:120:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void CleanupUDP(const boost::system::error_code & ecode); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:63:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:68:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SentHTTPFailed(const boost::system::error_code & ecode); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:77:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamHTTPProxyConnect(const boost::system::error_code & ec); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:78:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamSocksProxyConnect(const boost::system::error_code & ec); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:82:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSocksProxySendHandshake(const boost::system::error_code & ec, std::size_t bytes_transfered); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:83:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSocksProxyReply(const boost::system::error_code & ec, std::size_t bytes_transfered); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:87:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamProxyResolved(const boost::system::error_code & ecode, boost::asio::ip::tcp::resolver::iterator itr, ProxyResolvedHandler handler); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:471:64: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPReqHandler::HandleUpstreamProxyResolved(const boost::system::error_code & ec, boost::asio::ip::tcp::resolver::iterator it, ProxyResolvedHandler handler) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:477:68: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPReqHandler::HandleUpstreamSocksProxyConnect(const boost::system::error_code & ec) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:511:66: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPReqHandler::HandleSocksProxySendHandshake(const boost::system::error_code & ec, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:565:118: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_write(*m_sock, boost::asio::buffer(m_send_buf), boost::asio::transfer_all(), [&] (const boost::system::error_code & ec, std::size_t transferred) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:573:122: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::asio::async_write(*m_proxysock, boost::asio::buffer(m_send_buf), boost::asio::transfer_all(), [&](const boost::system::error_code & ec, std::size_t transferred) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:581:58: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPReqHandler::HandleSocksProxyReply(const boost::system::error_code & ec, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:599:67: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPReqHandler::HandleUpstreamHTTPProxyConnect(const boost::system::error_code & ec) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:608:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPReqHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:626:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HTTPReqHandler::SentHTTPFailed(const boost::system::error_code & ecode) data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:223:22: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [s](const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:240:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2CPSession::HandleReceivedHeader (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:275:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2CPSession::HandleReceivedPayload (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:332:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2CPSession::HandleI2CPMessageSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, const uint8_t * buf) data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:862:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2CPServer::HandleAccept(const boost::system::error_code& ecode, data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:867:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/I2CP.h:152:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedHeader (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/I2CP.h:154:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedPayload (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/I2CP.h:158:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleI2CPMessageSent (const boost::system::error_code& ecode, std::size_t bytes_transferred, const uint8_t * buf); data/i2pd-2.32.1/libi2pd_client/I2CP.h:200:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<I2CPSession::proto::socket> socket); data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:80:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PService::HandleReadyCheckTimer(const boost::system::error_code &ec) data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:126:80: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. AddReadyCallback([this, streamRequestComplete, address, port] (const boost::system::error_code & ec) data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:241:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void TCPIPPipe::HandleDownstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transfered) data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:256:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void TCPIPPipe::HandleDownstreamWrite(const boost::system::error_code & ecode) { data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:267:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void TCPIPPipe::HandleUpstreamWrite(const boost::system::error_code & ecode) { data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:278:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void TCPIPPipe::HandleUpstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transfered) data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:320:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void TCPIPAcceptor::HandleAccept (const boost::system::error_code& ecode, std::shared_ptr<boost::asio::ip::tcp::socket> socket) data/i2pd-2.32.1/libi2pd_client/I2PService.h:30:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. typedef std::function<void(const boost::system::error_code &)> ReadyCallback; data/i2pd-2.32.1/libi2pd_client/I2PService.h:74:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReadyCheckTimer(const boost::system::error_code & ec); data/i2pd-2.32.1/libi2pd_client/I2PService.h:138:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/I2PService.h:139:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleDownstreamReceived(const boost::system::error_code & ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/I2PService.h:140:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamWrite(const boost::system::error_code & ecode); data/i2pd-2.32.1/libi2pd_client/I2PService.h:141:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleDownstreamWrite(const boost::system::error_code & ecode); data/i2pd-2.32.1/libi2pd_client/I2PService.h:183:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<boost::asio::ip::tcp::socket> socket); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:117:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:131:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PTunnelConnection::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:147:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. [s](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:158:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PTunnelConnection::HandleWrite (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:194:62: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PTunnelConnection::HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:221:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PTunnelConnection::HandleConnect (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:241:33: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. HandleStreamReceive (boost::system::error_code (), dest.size ()); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:503:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:524:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PServerTunnel::HandleResolve (const boost::system::error_code& ecode, boost::asio::ip::tcp::resolver::iterator it, data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:693:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void UDPSession::HandleReceived(const boost::system::error_code & ecode, std::size_t len) data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:787:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void I2PUDPClientTunnel::HandleRecvFromLocal(const boost::system::error_code & ec, std::size_t transferred) data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h:57:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h:59:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleWrite (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h:62:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleStreamReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h:63:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleConnect (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h:190:36: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceived(const boost::system::error_code & ecode, std::size_t len); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h:274:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleRecvFromLocal(const boost::system::error_code & e, std::size_t transferred); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.h:316:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleResolve (const boost::system::error_code& ecode, boost::asio::ip::tcp::resolver::iterator it, data/i2pd-2.32.1/libi2pd_client/MatchedDestination.cpp:49:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. m_ResolveTimer->async_wait([&](const boost::system::error_code & ec) { data/i2pd-2.32.1/libi2pd_client/SAM.cpp:70:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/SAM.cpp:99:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleHandshakeReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:159:17: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t l = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_HANDSHAKE_REPLY, version.c_str ()); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:181:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleHandshakeReplySent (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:214:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleMessageReplySent (const boost::system::error_code& ecode, std::size_t bytes_transferred, bool close) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:231:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleMessage (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:364:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code e; data/i2pd-2.32.1/libi2pd_client/SAM.cpp:431:65: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleSessionReadinessCheckTimer (const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:463:16: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t l2 = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_SESSION_CREATE_REPLY_OK, priv); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:627:14: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t l = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_DEST_REPLY, data/i2pd-2.32.1/libi2pd_client/SAM.cpp:670:17: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t len = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY_INVALID_KEY, name.c_str()); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:682:16: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t len = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_SESSION_STATUS_I2P_ERROR, msg.c_str()); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:700:17: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t len = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY_INVALID_KEY, name.c_str()); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:712:14: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t l = snprintf (m_Buffer, SAM_SOCKET_BUFFER_SIZE, SAM_NAMING_REPLY, base64.c_str ()); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:743:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:806:59: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleWriteI2PDataImmediate(const boost::system::error_code & ec, uint8_t * buff) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:820:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleI2PReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:857:51: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleWriteI2PData (const boost::system::error_code& ecode, size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:904:30: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. HandleI2PReceive (boost::system::error_code (), l1 +1); // we send identity like it has been received from stream data/i2pd-2.32.1/libi2pd_client/SAM.cpp:943:16: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t l = snprintf ((char *)m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE, SAM_DATAGRAM_RECEIVED, base64.c_str (), (long unsigned int)len); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:971:16: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. size_t l = snprintf ((char *)m_StreamBuffer, SAM_SOCKET_BUFFER_SIZE, SAM_RAW_RECEIVED, (long unsigned int)len); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:984:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMSocket::HandleStreamSend(const boost::system::error_code & ec) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:1074:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMBridge::HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<SAMSocket> socket) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:1078:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. boost::system::error_code ec; data/i2pd-2.32.1/libi2pd_client/SAM.cpp:1175:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. timer->async_wait ([timer, session](const boost::system::error_code& ecode) data/i2pd-2.32.1/libi2pd_client/SAM.cpp:1220:55: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SAMBridge::HandleReceivedDatagram (const boost::system::error_code& ecode, std::size_t bytes_transferred) data/i2pd-2.32.1/libi2pd_client/SAM.h:113:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleHandshakeReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/SAM.h:114:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleHandshakeReplySent (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/SAM.h:115:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleMessage (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/SAM.h:117:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleMessageReplySent (const boost::system::error_code& ecode, std::size_t bytes_transferred, bool close); data/i2pd-2.32.1/libi2pd_client/SAM.h:119:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceived (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/SAM.h:122:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleI2PReceive (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/SAM.h:124:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleWriteI2PData (const boost::system::error_code& ecode, size_t sz); data/i2pd-2.32.1/libi2pd_client/SAM.h:141:56: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSessionReadinessCheckTimer (const boost::system::error_code& ecode); data/i2pd-2.32.1/libi2pd_client/SAM.h:147:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleWriteI2PDataImmediate(const boost::system::error_code & ec, uint8_t * buff); data/i2pd-2.32.1/libi2pd_client/SAM.h:148:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleStreamSend(const boost::system::error_code & ec); data/i2pd-2.32.1/libi2pd_client/SAM.h:215:35: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleAccept(const boost::system::error_code& ecode, std::shared_ptr<SAMSocket> socket); data/i2pd-2.32.1/libi2pd_client/SAM.h:218:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleReceivedDatagram (const boost::system::error_code& ecode, std::size_t bytes_transferred); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:124:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:134:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SentSocksFailed(const boost::system::error_code & ecode); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:135:36: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SentSocksDone(const boost::system::error_code & ecode); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:136:40: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SentSocksResponse(const boost::system::error_code & ecode); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:144:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamSockSend(const boost::system::error_code & ecode, std::size_t bytes_transfered); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:145:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:146:46: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamConnected(const boost::system::error_code & ecode, data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:148:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void HandleUpstreamResolved(const boost::system::error_code & ecode, data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:577:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SOCKSHandler::HandleSockRecv(const boost::system::error_code & ecode, std::size_t len) data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:612:50: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SOCKSHandler::SentSocksFailed(const boost::system::error_code & ecode) data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:619:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SOCKSHandler::SentSocksDone(const boost::system::error_code & ecode) data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:637:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SOCKSHandler::SentSocksResponse(const boost::system::error_code & ecode) data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:681:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SOCKSHandler::HandleUpstreamSockRecv(const boost::system::error_code & ecode, std::size_t bytes_transfered) data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:763:58: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SOCKSHandler::HandleUpstreamConnected(const boost::system::error_code & ecode, boost::asio::ip::tcp::resolver::iterator itr) data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:774:57: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. void SOCKSHandler::HandleUpstreamResolved(const boost::system::error_code & ecode, boost::asio::ip::tcp::resolver::iterator itr) data/i2pd-2.32.1/daemon/HTTPServer.cpp:1225:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint8_t random[16]; data/i2pd-2.32.1/daemon/HTTPServer.cpp:1229:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. pass.resize(sizeof(random)); data/i2pd-2.32.1/daemon/HTTPServer.cpp:1230:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. RAND_bytes(random, sizeof(random)); data/i2pd-2.32.1/daemon/HTTPServer.cpp:1230:30: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. RAND_bytes(random, sizeof(random)); data/i2pd-2.32.1/daemon/HTTPServer.cpp:1231:34: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. for (size_t i = 0; i < sizeof(random); i++) { data/i2pd-2.32.1/daemon/HTTPServer.cpp:1232:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. pass[i] = alnum[random[i] % (sizeof(alnum) - 1)]; data/i2pd-2.32.1/libi2pd/Elligator.cpp:51:84: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. bool Elligator2::Encode (const uint8_t * key, uint8_t * encoded, bool highY, bool random) const data/i2pd-2.32.1/libi2pd/Elligator.cpp:75:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random) data/i2pd-2.32.1/libi2pd/Elligator.cpp:97:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random) data/i2pd-2.32.1/libi2pd/FS.cpp:86:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *home = getenv("HOME"); data/i2pd-2.32.1/libi2pd/FS.cpp:92:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char * ext = getenv("EXTERNAL_STORAGE"); data/i2pd-2.32.1/libi2pd/FS.cpp:101:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *home = getenv("HOME"); data/i2pd-2.32.1/libi2pd/Gzip.cpp:80:8: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. os.setstate(std::ios_base::failbit); data/i2pd-2.32.1/libi2pd/RouterContext.cpp:37:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand (i2p::util::GetMillisecondsSinceEpoch () % 1000); data/i2pd-2.32.1/Win32/Win32App.cpp:96:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (nid.szTip, "i2pd"); data/i2pd-2.32.1/Win32/Win32App.cpp:97:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy (nid.szInfo, "i2pd is starting"); data/i2pd-2.32.1/Win32/Win32App.cpp:273:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/i2pd-2.32.1/Win32/Win32Service.cpp:298:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPath[MAX_PATH]; data/i2pd-2.32.1/daemon/Daemon.cpp:204:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). auto value = std::atoi(bandwidth.c_str()); data/i2pd-2.32.1/daemon/HTTPServer.cpp:886:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[128]; data/i2pd-2.32.1/daemon/HTTPServer.h:51:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_Buffer[HTTP_CONNECTION_BUFFER_SIZE + 1]; data/i2pd-2.32.1/daemon/I2PControl.cpp:332:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf->data (), header.str ().c_str (), offset); data/i2pd-2.32.1/daemon/I2PControl.cpp:334:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf->data () + offset, response.str ().c_str (), len); data/i2pd-2.32.1/daemon/I2PControl.cpp:554:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i2p::context.SetBandwidth (std::atoi(value.c_str())); data/i2pd-2.32.1/daemon/I2PControl.cpp:562:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i2p::context.SetBandwidth (std::atoi(value.c_str())); data/i2pd-2.32.1/daemon/I2PControl.cpp:592:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen (crt_path, "wb")) != NULL) { data/i2pd-2.32.1/daemon/I2PControl.cpp:601:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen (key_path, "wb")) != NULL) { data/i2pd-2.32.1/daemon/UPnP.h:77:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_NetworkAddr[64]; data/i2pd-2.32.1/daemon/UPnP.h:78:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_externalIPAddress[40]; data/i2pd-2.32.1/daemon/UnixDaemon.cpp:143:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pidFH = open(pidfile.c_str(), O_RDWR | O_CREAT, 0600); data/i2pd-2.32.1/daemon/UnixDaemon.cpp:157:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pid[10]; data/i2pd-2.32.1/daemon/UnixDaemon.cpp:158:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pid, "%d\n", getpid()); data/i2pd-2.32.1/libi2pd/Base.cpp:18:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char T32[32] = data/i2pd-2.32.1/libi2pd/Base.cpp:41:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char T64[64] = data/i2pd-2.32.1/libi2pd/Base.cpp:62:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iT64[256]; data/i2pd-2.32.1/libi2pd/Blinding.cpp:147:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PublicKey.data (), identity->GetSigningPublicKeyBuffer (), len); data/i2pd-2.32.1/libi2pd/Blinding.cpp:186:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PublicKey.data (), addr + offset, len); data/i2pd-2.32.1/libi2pd/Blinding.cpp:198:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. uint8_t addr[35]; char str[60]; // TODO: define actual length data/i2pd-2.32.1/libi2pd/Blinding.cpp:204:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr + 3, m_PublicKey.data (), m_PublicKey.size ()); data/i2pd-2.32.1/libi2pd/Blinding.cpp:305:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char currentDate[9]; data/i2pd-2.32.1/libi2pd/ChaCha20.h:57:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, other.data, sizeof(uint32_t) * 16); data/i2pd-2.32.1/libi2pd/Crypto.cpp:308:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PublicKey, pub, 32); // TODO: verify against m_Pkey data/i2pd-2.32.1/libi2pd/Crypto.cpp:316:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PrivateKey, priv, 32); data/i2pd-2.32.1/libi2pd/Crypto.cpp:318:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PublicKey, pub, 32); data/i2pd-2.32.1/libi2pd/Crypto.cpp:374:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (priv, m_PrivateKey, 32); data/i2pd-2.32.1/libi2pd/Crypto.cpp:386:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PrivateKey, priv, 32); data/i2pd-2.32.1/libi2pd/Crypto.cpp:422:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m+33, data, 222); data/i2pd-2.32.1/libi2pd/Crypto.cpp:466:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, m + 33, 222); data/i2pd-2.32.1/libi2pd/Crypto.cpp:528:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m+33, data, 222); data/i2pd-2.32.1/libi2pd/Crypto.cpp:588:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data, m + 33, 222); data/i2pd-2.32.1/libi2pd/Crypto.cpp:682:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 8, msg, len); data/i2pd-2.32.1/libi2pd/Crypto.cpp:1174:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, msg, msgLen); data/i2pd-2.32.1/libi2pd/Crypto.cpp:1267:24: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. iv[0] = htole32 (1); memcpy (iv + 1, nonce, 12); // counter | nonce data/i2pd-2.32.1/libi2pd/Crypto.cpp:1276:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (out != msg) memcpy (out, msg, msgLen); data/i2pd-2.32.1/libi2pd/Crypto.cpp:1309:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, info.c_str (), l); out[l] = 0x01; data/i2pd-2.32.1/libi2pd/Crypto.cpp:1313:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out + 32, info.c_str (), l); out[l + 32] = 0x02; data/i2pd-2.32.1/libi2pd/Crypto.h:224:38: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_LastBlock, iv, 16); }; // 16 bytes data/i2pd-2.32.1/libi2pd/Crypto.h:225:38: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_LastBlock, 16); }; data/i2pd-2.32.1/libi2pd/Crypto.h:247:38: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void SetIV (const uint8_t * iv) { memcpy ((uint8_t *)m_IV, iv, 16); }; // 16 bytes data/i2pd-2.32.1/libi2pd/Crypto.h:248:38: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void GetIV (uint8_t * iv) const { memcpy (iv, (const uint8_t *)m_IV, 16); }; data/i2pd-2.32.1/libi2pd/CryptoKey.cpp:20:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PublicKey, pub, 256); data/i2pd-2.32.1/libi2pd/CryptoKey.cpp:31:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PrivateKey, priv, 256); data/i2pd-2.32.1/libi2pd/CryptoKey.cpp:161:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PublicKey, pub, 32); data/i2pd-2.32.1/libi2pd/CryptoKey.cpp:166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pub, m_PublicKey, 32); data/i2pd-2.32.1/libi2pd/CryptoKey.cpp:185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pub, k.GetPublicKey (), 32); data/i2pd-2.32.1/libi2pd/Destination.cpp:308:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data.k, key, 32); data/i2pd-2.32.1/libi2pd/Destination.cpp:309:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (data.t, tag, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:31:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NextRootKey, keydata, 32); // nextRootKey = keydata[0:31] data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:34:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SymmKeyCK, m_KeyData.buf + 32, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:41:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SessTagConstant, m_KeyData.GetSessTagConstant (), 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:75:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key, m_CurrentSymmKeyCK + 32, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:82:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (key, it->second, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_CK, protocolNameHash, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:119:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_H, hh, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:194:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_RemoteStaticKey, fs, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:293:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NextSendRatchet->remote, buf, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:334:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NextReceiveRatchet->remote, buf, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:423:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out + offset, &tag, 8); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:430:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NSREncodedKey, out + offset, 56); // for possible next NSR data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:431:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NSRH, m_H, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:479:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, &tag, 8); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:480:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out + 8, m_NSREncodedKey, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:482:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_H, m_NSRH, 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:516:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. uint8_t h[32]; memcpy (h, m_H, 32); // save m_H data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_H, h, 32); // restore m_H data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:582:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, &tag, 8); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:795:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (v.data () + offset, m_NextReceiveRatchet->key.GetPublicKey (), 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:810:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (v.data () + offset, m_NextSendRatchet->key.GetPublicKey (), 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:836:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 1, *m_Destination, 32); buf += 32; data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:844:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 9, msg->GetPayload (), msg->GetPayloadLength ()); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:865:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + DATABASE_STORE_KEY_OFFSET, ls->GetStoreHash (), 32); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:869:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, ls->GetBuffer (), ls->GetBufferLen ()); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:894:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + offset, &tag, 8); offset += 8; data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.cpp:905:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + 9, msg->GetPayload (), msg->GetPayloadLength ()); data/i2pd-2.32.1/libi2pd/ECIESX25519AEADRatchetSession.h:127:52: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. void SetRemoteStaticKey (const uint8_t * key) { memcpy (m_RemoteStaticKey, key, 32); } data/i2pd-2.32.1/libi2pd/Ed25519.cpp:158:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signature, R, EDDSA25519_SIGNATURE_LENGTH/2); data/i2pd-2.32.1/libi2pd/Ed25519.cpp:196:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signature, R, EDDSA25519_SIGNATURE_LENGTH/2); data/i2pd-2.32.1/libi2pd/Ed25519.cpp:519:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (k, e, 32); data/i2pd-2.32.1/libi2pd/Ed25519.cpp:531:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (k, e, 32); data/i2pd-2.32.1/libi2pd/FS.cpp:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localAppData[MAX_PATH]; data/i2pd-2.32.1/libi2pd/Family.cpp:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/i2pd-2.32.1/libi2pd/Family.cpp:132:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, family.c_str (), len); data/i2pd-2.32.1/libi2pd/Family.cpp:133:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, (const uint8_t *)ident, 32); data/i2pd-2.32.1/libi2pd/Family.cpp:166:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, family.c_str (), len); data/i2pd-2.32.1/libi2pd/Family.cpp:167:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, (const uint8_t *)ident, 32); data/i2pd-2.32.1/libi2pd/Garlic.cpp:120:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SessionKey, sessionKey, 32); data/i2pd-2.32.1/libi2pd/Garlic.cpp:163:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (elGamal.sessionKey, m_SessionKey, 32); data/i2pd-2.32.1/libi2pd/Garlic.cpp:177:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, tag, 32); data/i2pd-2.32.1/libi2pd/Garlic.cpp:203:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + blockSize, newTags->sessionTags[i], 32); // tags data/i2pd-2.32.1/libi2pd/Garlic.cpp:300:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + size, m_Destination->GetIdentHash (), 32); data/i2pd-2.32.1/libi2pd/Garlic.cpp:309:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + size, msg->GetBuffer (), msg->GetLength ()); data/i2pd-2.32.1/libi2pd/Garlic.cpp:333:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + size, inboundTunnel->GetNextIdentHash (), 32); // To Hash data/i2pd-2.32.1/libi2pd/Garlic.cpp:341:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + size, msg->GetBuffer (), msg->GetLength ()); data/i2pd-2.32.1/libi2pd/Garlic.cpp:504:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&tag, buf, 8); data/i2pd-2.32.1/libi2pd/Gost.cpp:143:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * params[eGOSTR3410NumParamSets][6] = data/i2pd-2.32.1/libi2pd/Gost.cpp:842:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, res, 64); data/i2pd-2.32.1/libi2pd/Gost.cpp:874:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (h.buf, iv, 64); data/i2pd-2.32.1/libi2pd/Gost.cpp:881:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m.buf, buf + l - 64, 64); // TODO data/i2pd-2.32.1/libi2pd/Gost.cpp:894:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m.buf + padding, buf, l); data/i2pd-2.32.1/libi2pd/Gost.cpp:905:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (digest, h.buf, 64); data/i2pd-2.32.1/libi2pd/Gost.cpp:914:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (digest, h, 32); // first half data/i2pd-2.32.1/libi2pd/Gost.cpp:946:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ctx->h.buf, iv, 64); data/i2pd-2.32.1/libi2pd/Gost.cpp:994:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m.buf + padding, ctx->m.buf, ctx->len); data/i2pd-2.32.1/libi2pd/Gzip.cpp:45:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, in + 15, len); data/i2pd-2.32.1/libi2pd/Gzip.cpp:169:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, gzipHeader, 11); data/i2pd-2.32.1/libi2pd/Gzip.cpp:172:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out + 15, in, inLen); data/i2pd-2.32.1/libi2pd/Gzip.cpp:181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out, gzipHeader, 11); data/i2pd-2.32.1/libi2pd/Gzip.cpp:189:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (out + 15 + len1, it.first, it.second); data/i2pd-2.32.1/libi2pd/HTTP.cpp:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/i2pd-2.32.1/libi2pd/HTTP.cpp:394:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). code = atoi(tokens[1].c_str()); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:89:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg->GetBuffer (), buf, len); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:132:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, key, 32); // key data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:134:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, from, 32); // from data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:156:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, it, 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:179:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, dest, 32); // key data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, replyTunnel->GetNextIdentHash (), 32); // reply tunnel GW data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:200:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, it, 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:205:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, replyKey, 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:207:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 33, replyTag, 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:221:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, ident, 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:227:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, it, 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, i2p::context.GetRouterInfo ().GetIdentHash (), 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:245:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + DATABASE_STORE_KEY_OFFSET, router->GetIdentHash (), 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:253:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, router->GetIdentHash (), 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:285:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + DATABASE_STORE_KEY_OFFSET, storeHash, 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:289:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + size, leaseSet->GetBuffer (), leaseSet->GetBufferLen ()); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:301:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + DATABASE_STORE_KEY_OFFSET, leaseSet->GetStoreHash (), 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:311:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + size, replyTunnel->GetNextIdentHash (), 32); data/i2pd-2.32.1/libi2pd/I2NPProtocol.cpp:317:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + size, leaseSet->GetBuffer (), leaseSet->GetBufferLen ()); data/i2pd-2.32.1/libi2pd/I2NPProtocol.h:176:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, buf1, len1); data/i2pd-2.32.1/libi2pd/I2NPProtocol.h:183:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + offset, other.buf + other.offset, other.GetLength ()); data/i2pd-2.32.1/libi2pd/I2NPProtocol.h:203:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (header, GetHeader (), I2NP_HEADER_SIZE); data/i2pd-2.32.1/libi2pd/I2NPProtocol.h:216:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (GetHeader () + I2NP_HEADER_TYPEID_OFFSET, ntcp2 + I2NP_HEADER_TYPEID_OFFSET, 5); // typeid + msgid data/i2pd-2.32.1/libi2pd/I2NPProtocol.h:226:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ntcp2 + I2NP_HEADER_TYPEID_OFFSET, GetHeader () + I2NP_HEADER_TYPEID_OFFSET, 5); // typeid + msgid data/i2pd-2.32.1/libi2pd/I2PEndian.h:61:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&b16, buf, sizeof(uint16_t)); data/i2pd-2.32.1/libi2pd/I2PEndian.h:68:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&b32, buf, sizeof(uint32_t)); data/i2pd-2.32.1/libi2pd/I2PEndian.h:75:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&b64, buf, sizeof(uint64_t)); data/i2pd-2.32.1/libi2pd/I2PEndian.h:96:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &b16, sizeof(uint16_t)); data/i2pd-2.32.1/libi2pd/I2PEndian.h:101:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &b32, sizeof(uint32_t)); data/i2pd-2.32.1/libi2pd/I2PEndian.h:106:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &b64, sizeof(uint64_t)); data/i2pd-2.32.1/libi2pd/Identity.cpp:33:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (publicKey, buf, DEFAULT_IDENTITY_SIZE); data/i2pd-2.32.1/libi2pd/Identity.cpp:51:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StandardIdentity.publicKey, publicKey, 256); // publicKey in awlays assumed 256 regardless actual size, padding must be taken care of data/i2pd-2.32.1/libi2pd/Identity.cpp:62:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP256_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Identity.cpp:69:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::ECDSAP384_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Identity.cpp:74:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StandardIdentity.signingKey, signingKey, 128); data/i2pd-2.32.1/libi2pd/Identity.cpp:77:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (excessBuf, signingKey + 128, excessLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:90:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Identity.cpp:98:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_256_PUBLIC_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Identity.cpp:105:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StandardIdentity.signingKey, signingKey, i2p::crypto::GOSTR3410_512_PUBLIC_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Identity.cpp:121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_ExtendedBuffer + 4, excessBuf, excessLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:176:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&m_StandardIdentity, &other.m_StandardIdentity, DEFAULT_IDENTITY_SIZE); data/i2pd-2.32.1/libi2pd/Identity.cpp:184:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_ExtendedBuffer, other.m_ExtendedBuffer, m_ExtendedLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE); data/i2pd-2.32.1/libi2pd/Identity.cpp:228:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:254:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, &m_StandardIdentity, DEFAULT_IDENTITY_SIZE); data/i2pd-2.32.1/libi2pd/Identity.cpp:256:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + DEFAULT_IDENTITY_SIZE, m_ExtendedBuffer, m_ExtendedLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:381:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signingKey, m_StandardIdentity.signingKey, 128); data/i2pd-2.32.1/libi2pd/Identity.cpp:383:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types data/i2pd-2.32.1/libi2pd/Identity.cpp:448:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PrivateKey, keys.privateKey, 256); // 256 data/i2pd-2.32.1/libi2pd/Identity.cpp:449:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SigningPrivateKey, keys.signingPrivateKey, m_Public->GetSigningPrivateKeyLen ()); data/i2pd-2.32.1/libi2pd/Identity.cpp:461:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PrivateKey, other.m_PrivateKey, 256); // 256 data/i2pd-2.32.1/libi2pd/Identity.cpp:465:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SigningPrivateKey, other.m_SigningPrivateKey, m_TransientSigningPrivateKeyLen > 0 ? m_TransientSigningPrivateKeyLen : m_Public->GetSigningPrivateKeyLen ()); data/i2pd-2.32.1/libi2pd/Identity.cpp:484:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PrivateKey, buf + ret, 256); // private key always 256 data/i2pd-2.32.1/libi2pd/Identity.cpp:488:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SigningPrivateKey, buf + ret, signingPrivateKeySize); data/i2pd-2.32.1/libi2pd/Identity.cpp:521:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_OfflineSignature.data (), offlineInfo, offlineInfoLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:525:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SigningPrivateKey, buf + ret, m_TransientSigningPrivateKeyLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:537:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + ret, m_PrivateKey, 256); // private key always 256 data/i2pd-2.32.1/libi2pd/Identity.cpp:544:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + ret, m_SigningPrivateKey, signingPrivateKeySize); data/i2pd-2.32.1/libi2pd/Identity.cpp:551:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + ret, m_OfflineSignature.data (), offlineSignatureLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:555:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + ret, m_SigningPrivateKey, m_TransientSigningPrivateKeyLen); data/i2pd-2.32.1/libi2pd/Identity.cpp:807:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, (const uint8_t *)ident, 32); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:33:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer, buf, len); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:46:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer, buf, len); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:71:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_EncryptionKey, m_Buffer + size, 256); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:251:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer, buf, len); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:493:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[9]; data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:512:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (subcredential + 32, publishedTimestamp, 4); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:531:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (innerInput + 32, subcredential, 36); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:602:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput + 32, ck.GetPublicKey (), 32); // cpk_i data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:603:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput + 64, subcredential, 36); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:626:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput, secret, 32); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:627:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput + 32, subcredential, 36); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:697:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + offset, encryptionPublicKey, 256); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:709:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + offset, tunnels[i]->GetNextIdentHash (), 32); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:731:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer, buf, len); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:819:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + offset, offlineSignature.data (), offlineSignature.size ()); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:829:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + offset, it.encryptionPublicKey, it.keyLen); offset += it.keyLen; // key data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:836:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + offset, tunnels[i]->GetNextIdentHash (), 32); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:858:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + 1, buf, len); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:882:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[9]; data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:889:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + offset, blindedPub, publicKeyLen); offset += publicKeyLen; // Blinded Public Key data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:925:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (innerInput + 32, subcredential, 36); // + subcredential || publishedTimestamp data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:932:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer + offset + 1, ls->GetBuffer (), ls->GetBufferLen ()); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:963:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authData, ek.GetPublicKey (), 32); authData += 32; // epk data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:966:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput + 64, subcredential, 36); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:970:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput + 32, it, 32); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:973:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authData, okm + 44, 8); authData += 8; // clientID_i data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:981:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authData, authSalt, 32); authData += 32; // authSalt data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:984:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput + 32, subcredential, 36); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:987:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authInput, it, 32); data/i2pd-2.32.1/libi2pd/LeaseSet.cpp:990:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (authData, okm + 44, 8); authData += 8; // clientID_i data/i2pd-2.32.1/libi2pd/LittleBigEndian.h:42:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[sizeof(T)]; data/i2pd-2.32.1/libi2pd/LittleBigEndian.h:150:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[sizeof(T)]; data/i2pd-2.32.1/libi2pd/Log.cpp:20:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * g_LogLevelStr[eNumLogLevels] = data/i2pd-2.32.1/libi2pd/Log.h:60:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_LastDateTime[64]; data/i2pd-2.32.1/libi2pd/NTCP2.cpp:69:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_CK, protocolNameHash, 32); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:170:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m3p2 + 4, i2p::context.GetRouterInfo ().GetBuffer (), bufLen); // TODO: own RI should be protected by mutex data/i2pd-2.32.1/libi2pd/NTCP2.cpp:343:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SessionConfirmedBuffer + 16, m_H, 32); // h || ciphertext data/i2pd-2.32.1/libi2pd/NTCP2.cpp:372:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Establisher->m_RemoteStaticKey, addr->ntcp2->staticKey, 32); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:373:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Establisher->m_IV, addr->ntcp2->iv, 16); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:439:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Kab, k, 32); memcpy (m_Kba, k + 32, 32); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:439:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Kab, k, 32); memcpy (m_Kba, k + 32, 32); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:443:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (h, m_Establisher->GetH (), 32); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:444:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (h + 32, "siphash", 7); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:447:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Sipkeysab, k, 32); memcpy (m_Sipkeysba, k + 32, 32); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:447:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Sipkeysab, k, 32); memcpy (m_Sipkeysba, k + 32, 32); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:606:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_ReceiveIV.buf, m_Sipkeysba + 16, 8); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:607:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SendIV.buf, m_Sipkeysab + 16, 8); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:659:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_ReceiveIV.buf, m_Sipkeysab + 16, 8); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:660:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_SendIV.buf, m_Sipkeysba + 16, 8); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:888:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (nextMsg->GetNTCP2Header (), frame + offset, size); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1095:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NextSendBuffer + 6, i2p::context.GetRouterInfo ().GetBuffer (), riLen); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1213:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_NTCP2V6Acceptor->open (boost::asio::ip::tcp::v6()); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1598:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff->data () + 4, addrbytes.data(), 4); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:1605:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff->data () + 4, addrbytes.data(), 16); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:61:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aesKey + 1, sharedKey, 31); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:64:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aesKey, sharedKey, 32); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:78:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (aesKey, nonZero, 32); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:130:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Establisher->phase1.pubKey, x, 256); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:206:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Establisher->phase2.pubKey, y, 256); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (xy, m_Establisher->phase1.pubKey, 256); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:209:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (xy + 256, y, 256); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:212:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Establisher->phase2.encrypted.timestamp, &tsB, 4); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:274:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (xy, m_DHKeysPair->GetPublicKey (), 256); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:275:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (xy + 256, m_Establisher->phase2.pubKey, 256); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:558:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_ReceiveBuffer, nextBlock, m_ReceiveBufferOffset); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:574:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (moreBuf, m_ReceiveBuffer, m_ReceiveBufferOffset); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:601:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_ReceiveBuffer, nextBlock, m_ReceiveBufferOffset); // nextBlock points to memory inside buf data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:631:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NextMessage->GetBuffer () - 2, buf, 16); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:848:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_NTCPV6Acceptor->open (boost::asio::ip::tcp::v6()); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1222:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff+4, addrbytes.data(), addrsize); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1230:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff+4, addrbytes.data(), addrsize); data/i2pd-2.32.1/libi2pd/NTCPSession.cpp:1243:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff+5, host.c_str(), addrsize); data/i2pd-2.32.1/libi2pd/NetDb.cpp:740:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, buf, 33); // key + type data/i2pd-2.32.1/libi2pd/NetDb.cpp:746:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + payloadOffset, msgLen); data/i2pd-2.32.1/libi2pd/NetDb.cpp:758:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[48]; data/i2pd-2.32.1/libi2pd/NetDb.cpp:827:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char peerHash[48]; data/i2pd-2.32.1/libi2pd/NetDb.cpp:856:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[48]; data/i2pd-2.32.1/libi2pd/NetDb.cpp:964:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&tag, excluded + 33, 8); data/i2pd-2.32.1/libi2pd/Poly1305.h:38:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[17]; data/i2pd-2.32.1/libi2pd/Poly1305.h:136:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, d, 16); data/i2pd-2.32.1/libi2pd/Poly1305.h:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_Buffer + m_Leftover, buf, want); data/i2pd-2.32.1/libi2pd/Poly1305.h:189:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_Buffer+m_Leftover, buf, sz); data/i2pd-2.32.1/libi2pd/Poly1305.h:242:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, m_H, 16); data/i2pd-2.32.1/libi2pd/Reseed.cpp:161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magicNumber[7]; data/i2pd-2.32.1/libi2pd/Reseed.cpp:203:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char signerID[256]; data/i2pd-2.32.1/libi2pd/Reseed.cpp:310:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localFileName[255]; data/i2pd-2.32.1/libi2pd/Reseed.cpp:452:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/i2pd-2.32.1/libi2pd/Reseed.cpp:627:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+5, url.host.c_str(), hostsz); data/i2pd-2.32.1/libi2pd/Reseed.cpp:677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recv_buf[1024]; size_t l = 0; data/i2pd-2.32.1/libi2pd/RouterContext.cpp:150:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_NTCP2Keys->staticPublicKey, m_StaticKeys->GetPublicKey (), 32); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:53:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer, buf, len); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:92:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer, buf, len); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:202:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char transportStyle[6]; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[255], value[255]; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:340:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[255], value[255]; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:367:58: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (!strcmp (key, ROUTER_INFO_PROPERTY_NETID) && atoi (value) != i2p::context.GetNetID ()) data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:522:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:656:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_Buffer, s.str ().c_str (), m_BufferLen); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:731:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr->ssu->key, key, 32); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:752:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr->ntcp2->staticKey, staticKey, 32); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:753:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr->ntcp2->iv, iv, 16); data/i2pd-2.32.1/libi2pd/SSU.cpp:58:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_Socket.open (boost::asio::ip::udp::v4()); data/i2pd-2.32.1/libi2pd/SSU.cpp:75:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_SocketV6.open (boost::asio::ip::udp::v6()); data/i2pd-2.32.1/libi2pd/SSUData.cpp:166:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (frag + 1, buf, 3); data/i2pd-2.32.1/libi2pd/SSUData.cpp:345:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, (uint8_t *)(&fragmentInfo) + 1, 3); data/i2pd-2.32.1/libi2pd/SSUData.cpp:347:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, msgBuf, size); data/i2pd-2.32.1/libi2pd/SSUData.h:62:46: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. fragmentNum (n), len (l), isLast (last) { memcpy (buf, b, len); }; data/i2pd-2.32.1/libi2pd/SSUSession.cpp:65:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (sessionKey + 1, sharedKey, 31); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:66:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (macKey, sharedKey + 31, 32); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:70:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (sessionKey, sharedKey, 32); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:71:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (macKey, sharedKey + 32, 32); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:87:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (sessionKey, nonZero, 32); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:263:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bytes.data (), ourAddress, 4); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:269:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bytes.data (), ourAddress, 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:379:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, m_DHKeysPair->GetPublicKey (), 256); // x data/i2pd-2.32.1/libi2pd/SSUSession.cpp:384:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + 257, m_RemoteEndpoint.address ().to_v4 ().to_bytes ().data(), 4); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:389:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + 257, m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data(), 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:417:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, (const uint8_t *)address->ssu->key, 32); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:444:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, m_DHKeysPair->GetPublicKey (), 256); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:452:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, m_RemoteEndpoint.address ().to_v4 ().to_bytes ().data(), 4); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:461:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, m_RemoteEndpoint.address ().to_v6 ().to_bytes ().data(), 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:597:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, from.address ().to_v4 ().to_bytes ().data (), 4); // Alice's IP V4 data/i2pd-2.32.1/libi2pd/SSUSession.cpp:604:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, from.address ().to_v6 ().to_bytes ().data (), 16); // Alice's IP V6 data/i2pd-2.32.1/libi2pd/SSUSession.cpp:668:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bytes.data (), buf, 4); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:674:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bytes.data (), buf, 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:730:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (header->iv, iv, 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:740:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, iv, 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:762:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, header->iv, 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:812:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + len, header->iv, 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:1046:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bytes.data (), address, 4); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:1052:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bytes.data (), address, 16); data/i2pd-2.32.1/libi2pd/SSUSession.cpp:1090:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + 1, address.to_v4 ().to_bytes ().data (), 4); // our IP V4 data/i2pd-2.32.1/libi2pd/SSUSession.cpp:1095:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + 1, address.to_v6 ().to_bytes ().data (), 16); // our IP V6 data/i2pd-2.32.1/libi2pd/SSUSession.cpp:1114:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, addr->ssu->key, 32); // intro key data/i2pd-2.32.1/libi2pd/SSUSession.cpp:1119:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload, introKey, 32); // intro key data/i2pd-2.32.1/libi2pd/SSUSession.cpp:1203:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + sizeof (SSUHeader), payload, len); data/i2pd-2.32.1/libi2pd/Signature.cpp:52:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PublicKeyEncoded, signingKey, EDDSA25519_PUBLIC_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Signature.cpp:140:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signature, sig, 64); data/i2pd-2.32.1/libi2pd/Signature.h:370:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Signature.h:507:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_PrivateKey, signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Signature.h:532:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH); data/i2pd-2.32.1/libi2pd/Streaming.cpp:38:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + offset, nextBuffer->GetRemaningBuffer (), rem); data/i2pd-2.32.1/libi2pd/Streaming.cpp:46:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + offset, nextBuffer->GetRemaningBuffer (), len - offset); data/i2pd-2.32.1/libi2pd/Streaming.cpp:331:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (signature, optionData, signatureLen); data/i2pd-2.32.1/libi2pd/Streaming.cpp:342:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (const_cast<uint8_t *>(optionData), signature, signatureLen); data/i2pd-2.32.1/libi2pd/Streaming.cpp:508:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (packet + size, offlineSignature.data (), offlineSignature.size ()); data/i2pd-2.32.1/libi2pd/Streaming.cpp:692:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + pos, packet->GetBuffer (), l); data/i2pd-2.32.1/libi2pd/Streaming.h:111:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, b, len); data/i2pd-2.32.1/libi2pd/Tag.h:35:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. Tag (const uint8_t * buf) { memcpy (m_Buf, buf, sz); } data/i2pd-2.32.1/libi2pd/Tag.h:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[sz*2]; data/i2pd-2.32.1/libi2pd/Tag.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[sz*2]; data/i2pd-2.32.1/libi2pd/Timestamp.cpp:63:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open (boost::asio::ip::udp::v4 (), ec); data/i2pd-2.32.1/libi2pd/Timestamp.cpp:206:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(date, "%04i%02i%02i", tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday); data/i2pd-2.32.1/libi2pd/TunnelConfig.h:99:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (clearText + BUILD_REQUEST_RECORD_OUR_IDENT_OFFSET, ident->GetIdentHash (), 32); data/i2pd-2.32.1/libi2pd/TunnelConfig.h:101:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (clearText + BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET, nextIdent, 32); data/i2pd-2.32.1/libi2pd/TunnelConfig.h:102:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (clearText + BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET, layerKey, 32); data/i2pd-2.32.1/libi2pd/TunnelConfig.h:103:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (clearText + BUILD_REQUEST_RECORD_IV_KEY_OFFSET, ivKey, 32); data/i2pd-2.32.1/libi2pd/TunnelConfig.h:104:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (clearText + BUILD_REQUEST_RECORD_REPLY_KEY_OFFSET, replyKey, 32); data/i2pd-2.32.1/libi2pd/TunnelConfig.h:105:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (clearText + BUILD_REQUEST_RECORD_REPLY_IV_OFFSET, replyIV, 16); data/i2pd-2.32.1/libi2pd/TunnelConfig.h:116:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (record + BUILD_REQUEST_RECORD_TO_PEER_OFFSET, (const uint8_t *)ident->GetIdentHash (), 16); data/i2pd-2.32.1/libi2pd/TunnelEndpoint.cpp:38:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (msg->GetPayload () + TUNNEL_DATA_MSG_SIZE, msg->GetPayload () + 4, 16); // copy iv to the end data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:54:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (di + diLen, block.hash, 32); data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:80:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len, di, diLen); data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:81:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len + diLen, msg->GetBuffer (), msg->GetLength ()); data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:93:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&msgID, msg->GetHeader () + I2NP_HEADER_MSGID_OFFSET, 4); // in network bytes order data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:102:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len, di, diLen); data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_CurrentTunnelDataMsg->buf + m_CurrentTunnelDataMsg->len + diLen, msg->GetBuffer (), size); data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:124:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 7, msg->GetBuffer () + size, s); data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:178:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (payload + size, buf + 4, 16); // copy IV for checksum data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf+20, hash, 4); // checksum data/i2pd-2.32.1/libi2pd/TunnelGateway.cpp:188:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 24, m_NonZeroRandomBuffer + randomOffset, paddingSize); data/i2pd-2.32.1/libi2pd/util.cpp:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_copy[INET6_ADDRSTRLEN + 1]; data/i2pd-2.32.1/libi2pd/util.cpp:368:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[INET6_ADDRSTRLEN]; data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:701:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 9, address.c_str (), address.length ()); data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:944:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address[255]; data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:945:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (address, buf + 9, l); data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:951:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (response + 4, buf + 4, 4); // nonce data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:954:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (response + 8, it->second, 32); // ident data/i2pd-2.32.1/libi2pd_client/BOB.h:89:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BOB_COMMAND_BUFFER_SIZE + 1]; // for destination base64 address data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:504:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_socks_buf+ reqsize, host.c_str(), host.size()); data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:58:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_EncryptionPrivateKey, key, 256); data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:110:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 4, payload, len); data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:323:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + I2CP_HEADER_SIZE, payload, len); data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:352:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + 1, str.c_str (), l); data/i2pd-2.32.1/libi2pd_client/I2CP.cpp:779:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf + I2CP_HEADER_SIZE + 10, payload, len); data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:251:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_upstream_buf, m_downstream_to_up_buf, bytes_transfered); data/i2pd-2.32.1/libi2pd_client/I2PService.cpp:288:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_downstream_buf, m_upstream_to_down_buf, bytes_transfered); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:75:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (bytes.data ()+1, ident, 3); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:99:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_Socket->open (boost::asio::ip::tcp::v4 ()); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:239:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StreamBuffer, dest.c_str (), dest.size ()); data/i2pd-2.32.1/libi2pd_client/I2PTunnel.cpp:683:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Identity, to->data(), 32); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:456:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char priv[1024]; data/i2pd-2.32.1/libi2pd_client/SAM.cpp:929:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, base64.c_str(), bsz); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:933:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data+bsz+1, buf, len); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:947:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StreamBuffer + l, buf, len); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:975:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (m_StreamBuffer + l, buf, len); data/i2pd-2.32.1/libi2pd_client/SAM.h:155:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_Buffer[SAM_SOCKET_BUFFER_SIZE + 1]; data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[max_socks_hostname_size]; data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:42:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value,str.c_str(),size); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:254:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_response + 4, addr.ipv6, 16); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:269:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_response + 5, addr.dns.value, addr.dns.size); data/i2pd-2.32.1/libi2pd_client/SOCKS.cpp:298:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_upstream_request + upstreamRequestSize, m_address.dns.value, m_address.dns.size); data/i2pd-2.32.1/qt/i2pd_qt/SaverImpl.cpp:34:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile.open(confpath.toStdString());//TODO handle errors data/i2pd-2.32.1/qt/i2pd_qt/SaverImpl.cpp:57:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile.open(tunconfpath.toStdString());//TODO handle errors data/i2pd-2.32.1/tests/test-aeadchacha20poly1305.cpp:55:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (buf, text, 114); data/i2pd-2.32.1/tests/test-base-64.cpp:11:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[16]; data/i2pd-2.32.1/tests/test-blinding.cpp:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date[9]; data/i2pd-2.32.1/Win32/Win32Service.cpp:309:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(szPath, SvcOpt, strlen(SvcOpt)); data/i2pd-2.32.1/Win32/Win32Service.cpp:309:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncat(szPath, SvcOpt, strlen(SvcOpt)); data/i2pd-2.32.1/daemon/I2PControl.cpp:240:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes_transferred = boost::asio::read (*socket, boost::asio::buffer (buf->data (), rem)); data/i2pd-2.32.1/daemon/UnixDaemon.cpp:80:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(S_IWGRP | S_IRWXO); // 0027 data/i2pd-2.32.1/daemon/UnixDaemon.cpp:160:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(pidFH, pid, strlen(pid)) < 0) data/i2pd-2.32.1/libi2pd/Destination.cpp:1145:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read ((char *)keys->pub, 256); data/i2pd-2.32.1/libi2pd/Destination.cpp:1146:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read ((char *)keys->priv, 256); data/i2pd-2.32.1/libi2pd/FS.cpp:87:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dataDir = (home != NULL && strlen(home) > 0) ? home : ""; data/i2pd-2.32.1/libi2pd/FS.cpp:104:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (home != NULL && strlen(home) > 0) { data/i2pd-2.32.1/libi2pd/Family.cpp:125:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = family.length (), signatureLen = strlen (signature); data/i2pd-2.32.1/libi2pd/Garlic.cpp:913:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read ((char *)&t, 4); if (f.eof ()) break; data/i2pd-2.32.1/libi2pd/Garlic.cpp:916:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read ((char *)tag, 32); data/i2pd-2.32.1/libi2pd/Garlic.cpp:917:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read ((char *)key, 32); data/i2pd-2.32.1/libi2pd/Gzip.cpp:94:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read ((char *) buf, GZIP_CHUNK_SIZE); data/i2pd-2.32.1/libi2pd/HTTP.cpp:84:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). std::string url(str, len ? len : strlen(str)); data/i2pd-2.32.1/libi2pd/HTTP.cpp:281:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos = eol + strlen(CRLF); data/i2pd-2.32.1/libi2pd/HTTP.cpp:285:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return eoh + strlen(HTTP_EOH); data/i2pd-2.32.1/libi2pd/HTTP.cpp:409:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos = eol + strlen(CRLF); data/i2pd-2.32.1/libi2pd/HTTP.cpp:413:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return eoh + strlen(HTTP_EOH); data/i2pd-2.32.1/libi2pd/HTTP.cpp:495:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read (buf, len); data/i2pd-2.32.1/libi2pd/NTCP2.cpp:797:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). moreBytes = boost::asio::read (m_Socket, boost::asio::buffer(m_NextReceivedBuffer, m_NextReceivedLen), boost::asio::transfer_all (), ec); data/i2pd-2.32.1/libi2pd/Reseed.cpp:162:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read (magicNumber, 7); // magic number and zero byte 6 data/i2pd-2.32.1/libi2pd/Reseed.cpp:170:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&signatureType, 2); // signature type data/i2pd-2.32.1/libi2pd/Reseed.cpp:173:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&signatureLength, 2); // signature length data/i2pd-2.32.1/libi2pd/Reseed.cpp:177:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&versionLength, 1); // version length data/i2pd-2.32.1/libi2pd/Reseed.cpp:180:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&signerIDLength, 1); // signer ID length data/i2pd-2.32.1/libi2pd/Reseed.cpp:182:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&contentLength, 8); // content length data/i2pd-2.32.1/libi2pd/Reseed.cpp:186:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&fileType, 1); // file type data/i2pd-2.32.1/libi2pd/Reseed.cpp:194:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&contentType, 1); // content type data/i2pd-2.32.1/libi2pd/Reseed.cpp:204:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read (signerID, signerIDLength); // signerID data/i2pd-2.32.1/libi2pd/Reseed.cpp:221:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)tbs, tbsLen); data/i2pd-2.32.1/libi2pd/Reseed.cpp:223:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)signature, signatureLength); data/i2pd-2.32.1/libi2pd/Reseed.cpp:279:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&signature, 4); data/i2pd-2.32.1/libi2pd/Reseed.cpp:286:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&bitFlag, 2); data/i2pd-2.32.1/libi2pd/Reseed.cpp:289:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&compressionMethod, 2); data/i2pd-2.32.1/libi2pd/Reseed.cpp:294:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&crc_32, 4); data/i2pd-2.32.1/libi2pd/Reseed.cpp:296:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&compressedSize, 4); data/i2pd-2.32.1/libi2pd/Reseed.cpp:298:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&uncompressedSize, 4); data/i2pd-2.32.1/libi2pd/Reseed.cpp:301:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&fileNameLength, 2); data/i2pd-2.32.1/libi2pd/Reseed.cpp:308:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&extraFieldLength, 2); data/i2pd-2.32.1/libi2pd/Reseed.cpp:311:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read (localFileName, fileNameLength); data/i2pd-2.32.1/libi2pd/Reseed.cpp:323:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&crc_32, 4); data/i2pd-2.32.1/libi2pd/Reseed.cpp:325:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&compressedSize, 4); data/i2pd-2.32.1/libi2pd/Reseed.cpp:327:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&uncompressedSize, 4); data/i2pd-2.32.1/libi2pd/Reseed.cpp:342:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)compressed, compressedSize); data/i2pd-2.32.1/libi2pd/Reseed.cpp:427:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&nextByte, 1); data/i2pd-2.32.1/libi2pd/Reseed.cpp:604:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). boost::asio::read(sock, boost::asio::buffer(hs_readbuf, 2), ecode); data/i2pd-2.32.1/libi2pd/Reseed.cpp:638:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). boost::asio::read(sock, boost::asio::buffer(buf, 10), ecode); data/i2pd-2.32.1/libi2pd/RouterContext.cpp:632:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fk.read ((char *)&keys, sizeof (keys)); data/i2pd-2.32.1/libi2pd/RouterContext.cpp:638:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fk.read ((char *)buf, len); data/i2pd-2.32.1/libi2pd/RouterContext.cpp:652:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n2k.read ((char *)m_NTCP2Keys.get (), sizeof (NTCP2PrivateKeys)); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:128:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read((char *)m_Buffer, m_BufferLen); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:188:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&m_Timestamp, sizeof (m_Timestamp)); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:193:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&numAddresses, sizeof (numAddresses)); if (!s) return; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:199:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&address->cost, sizeof (address->cost)); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:200:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&address->date, sizeof (address->date)); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:219:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&size, sizeof (size)); if (!s) return; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:262:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Base64ToByteStream (value, strlen (value), address->ssu->key, 32); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:272:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Base64ToByteStream (value, strlen (value), address->ntcp2->staticKey, 32); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:278:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Base64ToByteStream (value, strlen (value), address->ntcp2->iv, 16); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:290:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l = strlen(key); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:311:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Base64ToByteStream (value, strlen (value), introducer.iKey, 32); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:332:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&numPeers, sizeof (numPeers)); if (!s) return; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:336:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&size, sizeof (size)); if (!s) return; data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:684:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)&l, 1); data/i2pd-2.32.1/libi2pd/RouterInfo.cpp:687:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read (str, l); data/i2pd-2.32.1/libi2pd/util.cpp:42:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (src_copy, src, INET6_ADDRSTRLEN + 1); data/i2pd-2.32.1/libi2pd/util.cpp:317:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ifr.ifr_name, ifa->ifa_name, IFNAMSIZ); // set interface for query data/i2pd-2.32.1/libi2pd_client/AddressBook.cpp:108:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). f.read((char *)buf, len); data/i2pd-2.32.1/libi2pd_client/ClientContext.cpp:272:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s.read ((char *)buf, len); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:53:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str.length() == (pos + std::strlen(suffix))) data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:202:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). std::size_t len = std::strlen(param); data/i2pd-2.32.1/libi2pd_client/HTTPProxy.cpp:215:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (params["update"] == "true") { len += std::strlen("&update=true"); confirm = true; } data/i2pd-2.32.1/libi2pd_client/SAM.cpp:166:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_HANDSHAKE_NOVERSION, strlen (SAM_HANDSHAKE_NOVERSION), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:337:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_SESSION_CREATE_INVALID_ID, strlen(SAM_SESSION_CREATE_INVALID_ID), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:344:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_SESSION_CREATE_DUPLICATED_ID, strlen(SAM_SESSION_CREATE_DUPLICATED_ID), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:386:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_SESSION_STATUS_INVALID_KEY, strlen(SAM_SESSION_STATUS_INVALID_KEY), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:396:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply(SAM_SESSION_STATUS_INVALID_KEY, strlen(SAM_SESSION_STATUS_INVALID_KEY), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:428:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_SESSION_CREATE_DUPLICATED_DEST, strlen(SAM_SESSION_CREATE_DUPLICATED_DEST), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:506:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_STREAM_STATUS_INVALID_KEY, strlen(SAM_STREAM_STATUS_INVALID_KEY), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:509:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_STREAM_STATUS_INVALID_ID, strlen(SAM_STREAM_STATUS_INVALID_ID), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:522:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_STREAM_STATUS_OK, strlen(SAM_STREAM_STATUS_OK), false); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:533:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_STREAM_STATUS_CANT_REACH_PEER, strlen(SAM_STREAM_STATUS_CANT_REACH_PEER), true); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:555:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_STREAM_STATUS_OK, strlen(SAM_STREAM_STATUS_OK), false); data/i2pd-2.32.1/libi2pd_client/SAM.cpp:558:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SendMessageReply (SAM_STREAM_STATUS_INVALID_ID, strlen(SAM_STREAM_STATUS_INVALID_ID), true); data/i2pd-2.32.1/qt/i2pd_qt/logviewermanager.cpp:26:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(read<0)read=0; data/i2pd-2.32.1/qt/i2pd_qt/logviewermanager.cpp:27:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QString ret=QString::fromUtf8(buf, read); data/i2pd-2.32.1/qt/i2pd_qt/logviewermanager.h:38:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). emit resultReady(read); data/i2pd-2.32.1/qt/i2pd_qt/logviewermanager.h:42:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void resultReady(QString read); data/i2pd-2.32.1/tests/test-base-64.cpp:10:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t in_len = strlen(in); data/i2pd-2.32.1/tests/test-base-64.cpp:34:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(Base64ToByteStream(in, strlen(in), (uint8_t *) out, sizeof(out)) == 4); data/i2pd-2.32.1/tests/test-base-64.cpp:38:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(Base64ToByteStream(in, strlen(in), (uint8_t *) out, sizeof(out)) == 0); data/i2pd-2.32.1/tests/test-http-req.cpp:19:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/i2pd-2.32.1/tests/test-http-req.cpp:38:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/i2pd-2.32.1/tests/test-http-req.cpp:51:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/i2pd-2.32.1/tests/test-http-req.cpp:60:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/i2pd-2.32.1/tests/test-http-req.cpp:72:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/i2pd-2.32.1/tests/test-http-res.cpp:18:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); ANALYSIS SUMMARY: Hits = 797 Lines analyzed = 56063 in approximately 1.51 seconds (37160 lines/second) Physical Source Lines of Code (SLOC) = 47041 Hits@level = [0] 20 [1] 98 [2] 385 [3] 14 [4] 300 [5] 0 Hits@level+ = [0+] 817 [1+] 797 [2+] 699 [3+] 314 [4+] 300 [5+] 0 Hits/KSLOC@level+ = [0+] 17.3678 [1+] 16.9427 [2+] 14.8594 [3+] 6.67503 [4+] 6.37742 [5+] 0 Symlinks skipped = 2 (--allowlink overrides but see doc for security issue) Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.